eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 16:30:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: eessppeelllloo:v1_1_1
Branches Tags
eessppeelllloo:main eessppeelllloo:doxygen-fixes eessppeelllloo:ci-fuzzing eessppeelllloo:master eessppeelllloo:tcrypt-argon2 eessppeelllloo:vm-test eessppeelllloo:coverity_scan eessppeelllloo:v2.8.x eessppeelllloo:v2.7.x eessppeelllloo:v2.3.x eessppeelllloo:v2.4.x eessppeelllloo:v2.2.x eessppeelllloo:v2_0_x eessppeelllloo:v1_7_x
eessppeelllloo:v2.8.1 eessppeelllloo:v2.8.1-rc0 eessppeelllloo:v2.8.0 eessppeelllloo:v2.8.0-rc1 eessppeelllloo:v2.8.0-rc0 eessppeelllloo:v2.7.5 eessppeelllloo:v2.7.4 eessppeelllloo:v2.7.3 eessppeelllloo:v2.7.2 eessppeelllloo:v2.7.1 eessppeelllloo:v2.7.0 eessppeelllloo:v2.7.0-rc1 eessppeelllloo:v2.7.0-rc0 eessppeelllloo:v2.6.1 eessppeelllloo:v2.6.0 eessppeelllloo:v2.6.0-rc0 eessppeelllloo:v2.5.0 eessppeelllloo:v2.5.0-rc1 eessppeelllloo:v2.3.7 eessppeelllloo:v2.4.3 eessppeelllloo:v2.4.2 eessppeelllloo:v2.4.1 eessppeelllloo:v2.4.0 eessppeelllloo:v2.4.0-rc1 eessppeelllloo:v2.4.0-rc0 eessppeelllloo:v2.3.6 eessppeelllloo:v2.3.5 eessppeelllloo:v2.3.5-rc0 eessppeelllloo:v2.3.4 eessppeelllloo:v2.3.3 eessppeelllloo:v2.3.2 eessppeelllloo:v2.3.1 eessppeelllloo:v2.3.0 eessppeelllloo:v2.3.0-rc0 eessppeelllloo:v2.2.2 eessppeelllloo:v2.2.1 eessppeelllloo:v2.2.0 eessppeelllloo:v2.2.0-rc1 eessppeelllloo:v2.2.0-rc0 eessppeelllloo:v2.1.0 eessppeelllloo:v2.0.6 eessppeelllloo:v2.0.5 eessppeelllloo:v2.0.4 eessppeelllloo:v2.0.3 eessppeelllloo:v2.0.2 eessppeelllloo:v2.0.1 eessppeelllloo:v2.0.0 eessppeelllloo:v2.0.0-rc1 eessppeelllloo:v2.0.0-rc0 eessppeelllloo:v1_7_5 eessppeelllloo:v1_7_4 eessppeelllloo:v1_7_3 eessppeelllloo:v1_7_2 eessppeelllloo:v1_7_1 eessppeelllloo:v1_7_0 eessppeelllloo:v1_6_8 eessppeelllloo:v1_6_7 eessppeelllloo:v1_6_6 eessppeelllloo:v1_6_5 eessppeelllloo:v1_6_4 eessppeelllloo:v1_6_3 eessppeelllloo:v1_6_2 eessppeelllloo:v1_6_1 eessppeelllloo:v1_6_0 eessppeelllloo:v1_5_1 eessppeelllloo:v1_5_0 eessppeelllloo:v1_4_3 eessppeelllloo:v1_4_2 eessppeelllloo:v1_4_1 eessppeelllloo:v1_4_0 eessppeelllloo:v1_3_1 eessppeelllloo:v1_3_0 eessppeelllloo:v1_2_0 eessppeelllloo:v1_1_3 eessppeelllloo:v1_1_2 eessppeelllloo:v1_1_1 eessppeelllloo:v1_1_0 eessppeelllloo:v1_0_7
..
compare: eessppeelllloo:v1_0_7
Branches Tags
eessppeelllloo:doxygen-fixes eessppeelllloo:ci-fuzzing eessppeelllloo:main eessppeelllloo:master eessppeelllloo:tcrypt-argon2 eessppeelllloo:vm-test eessppeelllloo:coverity_scan eessppeelllloo:v2.8.x eessppeelllloo:v2.7.x eessppeelllloo:v2.3.x eessppeelllloo:v2.4.x eessppeelllloo:v2.2.x eessppeelllloo:v2_0_x eessppeelllloo:v1_7_x
eessppeelllloo:v2.8.1 eessppeelllloo:v2.8.1-rc0 eessppeelllloo:v2.8.0 eessppeelllloo:v2.8.0-rc1 eessppeelllloo:v2.8.0-rc0 eessppeelllloo:v2.7.5 eessppeelllloo:v2.7.4 eessppeelllloo:v2.7.3 eessppeelllloo:v2.7.2 eessppeelllloo:v2.7.1 eessppeelllloo:v2.7.0 eessppeelllloo:v2.7.0-rc1 eessppeelllloo:v2.7.0-rc0 eessppeelllloo:v2.6.1 eessppeelllloo:v2.6.0 eessppeelllloo:v2.6.0-rc0 eessppeelllloo:v2.5.0 eessppeelllloo:v2.5.0-rc1 eessppeelllloo:v2.3.7 eessppeelllloo:v2.4.3 eessppeelllloo:v2.4.2 eessppeelllloo:v2.4.1 eessppeelllloo:v2.4.0 eessppeelllloo:v2.4.0-rc1 eessppeelllloo:v2.4.0-rc0 eessppeelllloo:v2.3.6 eessppeelllloo:v2.3.5 eessppeelllloo:v2.3.5-rc0 eessppeelllloo:v2.3.4 eessppeelllloo:v2.3.3 eessppeelllloo:v2.3.2 eessppeelllloo:v2.3.1 eessppeelllloo:v2.3.0 eessppeelllloo:v2.3.0-rc0 eessppeelllloo:v2.2.2 eessppeelllloo:v2.2.1 eessppeelllloo:v2.2.0 eessppeelllloo:v2.2.0-rc1 eessppeelllloo:v2.2.0-rc0 eessppeelllloo:v2.1.0 eessppeelllloo:v2.0.6 eessppeelllloo:v2.0.5 eessppeelllloo:v2.0.4 eessppeelllloo:v2.0.3 eessppeelllloo:v2.0.2 eessppeelllloo:v2.0.1 eessppeelllloo:v2.0.0 eessppeelllloo:v2.0.0-rc1 eessppeelllloo:v2.0.0-rc0 eessppeelllloo:v1_7_5 eessppeelllloo:v1_7_4 eessppeelllloo:v1_7_3 eessppeelllloo:v1_7_2 eessppeelllloo:v1_7_1 eessppeelllloo:v1_7_0 eessppeelllloo:v1_6_8 eessppeelllloo:v1_6_7 eessppeelllloo:v1_6_6 eessppeelllloo:v1_6_5 eessppeelllloo:v1_6_4 eessppeelllloo:v1_6_3 eessppeelllloo:v1_6_2 eessppeelllloo:v1_6_1 eessppeelllloo:v1_6_0 eessppeelllloo:v1_5_1 eessppeelllloo:v1_5_0 eessppeelllloo:v1_4_3 eessppeelllloo:v1_4_2 eessppeelllloo:v1_4_1 eessppeelllloo:v1_4_0 eessppeelllloo:v1_3_1 eessppeelllloo:v1_3_0 eessppeelllloo:v1_2_0 eessppeelllloo:v1_1_3 eessppeelllloo:v1_1_2 eessppeelllloo:v1_1_1 eessppeelllloo:v1_1_0 eessppeelllloo:v1_0_7

1 Commits
v1_1_1 ... v1_0_7

Author SHA1 Message Date
Milan Broz
87bb3f36e3 Release 1.0.7 
git-svn-id: https://cryptsetup.googlecode.com/svn/tags/v1_0_7@67 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-07-22 10:55:31 +00:00
54 changed files with 3940 additions and 11868 deletions
Expand all files Collapse all files

138
ChangeLog
View File

@@ -1,141 +1,3 @@
2010-05-23 Milan Broz <mbroz@redhat.com>
* Fix luksClose operation for stacked DM devices.
* Version 1.1.1.
2010-05-03 Milan Broz <mbroz@redhat.com>
* Fix automatic dm-crypt module loading.
* Escape hyphens in man page.
* Version 1.1.1-rc2.
2010-04-30 Milan Broz <mbroz@redhat.com>
* Try to use pkgconfig for device mapper library.
* Detect old dm-crypt module and disable LUKS suspend/resume.
* Fix apitest to work on older systems.
* Allow no hash specification in plain device constructor.
* Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified).
* Fix isLuks to initialise crypto backend (blkid instead is suggested anyway).
* Version 1.1.1-rc1.
2010-04-12 Milan Broz <mbroz@redhat.com>
* Fix package config to use proper package version.
* Avoid class C++ keyword in library header.
* Detect and use devmapper udev support if available (disable by --disable-udev).
2010-04-06 Milan Broz <mbroz@redhat.com>
* Prefer some device paths in status display.
* Support device topology detectionfor data alignment.
2010-02-25 Milan Broz <mbroz@redhat.com>
* Do not verify unlocking passphrase in luksAddKey command.
* Properly initialise crypto backend in header backup/restore commands.
2010-01-17 Milan Broz <mbroz@redhat.com>
* If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c).
* Version 1.1.0.
2010-01-10 Milan Broz <mbroz@redhat.com>
* Fix initialisation of gcrypt duting luksFormat.
* Convert hash name to lower case in header (fix sha1 backward comatible header)
* Check for minimum required gcrypt version.
2009-12-30 Milan Broz <mbroz@redhat.com>
* Fix key slot iteration count calculation (small -i value was the same as default).
* The slot and key digest iteration minimun is now 1000.
* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
* Version 1.1.0-rc4.
2009-12-11 Milan Broz <mbroz@redhat.com>
* Fix error handling during reading passhrase.
2009-12-01 Milan Broz <mbroz@redhat.com>
* Allow changes of default compiled-in cipher parameters through configure.
* Switch default key size for LUKS to 256bits.
* Switch default plain mode to aes-cbc-essiv:sha256 (default is backward incompatible!).
2009-11-14 Milan Broz <mbroz@redhat.com>
* Add CRYPT_ prefix to enum defined in libcryptsetup.h.
* Fix status call to fail when running as non-root user.
* Check in configure if selinux libraries are required in static version.
* Add temporary debug code to find processes locking internal device.
* Simplify build system, use autopoint and clean gettext processing.
* Use proper NLS macros and detection (so the message translation works again).
* Version 1.1.0-rc3.
2009-09-30 Milan Broz <mbroz@redhat.com>
* Fix exported symbols and versions in libcryptsetup.
* Do not use internal lib functions in cryptsetup.
* Add crypt_log to library.
* Fix crypt_remove_device (remove, luksClose) implementation.
* Move dm backend initialisation to library calls.
* Move duplicate Command failed message to verbose level (error is printed always).
* Add some password and used algorithms notes to man page.
* Version 1.1.0-rc2.
2009-09-28 Milan Broz <mbroz@redhat.com>
* Add luksHeaderBackup and luksHeaderRestore commands.
* Fail passphrase read if piped input no longer exists.
* Version 1.1.0-rc1.
2009-09-15 Milan Broz <mbroz@redhat.com>
* Initialize crypto library before LUKS header load.
* Fix manpage to not require --size which expands to device size by default.
2009-09-10 Milan Broz <mbroz@redhat.com>
* Clean up Makefiles and configure script.
* Version 1.1.0-test0.
2009-09-08 Milan Broz <mbroz@redhat.com>
* Use dm-uuid for all crypt devices, contains device type and name now.
* Try to read first sector from device to properly check that device is ready.
2009-09-02 Milan Broz <mbroz@redhat.com>
* Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
2009-08-30 Milan Broz <mbroz@redhat.com>
* Require device device-mapper to build and do not use backend wrapper for dm calls.
* Move memory locking and dm initialization to command layer.
* Increase priority of process if memory is locked.
* Add log macros and make logging modre consitent.
* Move command successful messages to verbose level.
* Introduce --debug parameter.
* Move device utils code and provide context parameter (for log).
* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
* Do not call isatty() on closed keyfile descriptor.
* Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results.
* Add ability to provide pre-generated master key and UUID in LUKS header format.
* Add LUKS function to verify master key digest.
* Move key slot manuipulation function into LUKS specific code.
* Replace global options struct with separate parameters in helper functions.
* Add new libcryptsetup API (documented in libcryptsetup.h).
* Implement old API calls using new functions.
* Remove old API code helper functions.
* Add --master-key-file option for luksFormat and luksAddKey.
2009-08-17 Milan Broz <mbroz@redhat.com>
* Fix PBKDF2 speed calculation for large passhrases.
* Allow using passphrase provided in options struct for LuksOpen.
* Allow restrict keys size in LuksOpen.
2009-07-30 Milan Broz <mbroz@redhat.com>
* Fix errors when compiled with LUKS_DEBUG.
* Print error when getline fails.
* Remove po/cryptsetup-luks.pot, it's autogenerated.
* Return ENOENT for empty keyslots, EINVAL will be used later for other type of error.
* Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here.
* Add required parameters for changing hash used in LUKS key setup scheme.
* Do not export simple XOR helper now used only inside AF functions.
* Completely remove internal SHA1 implementanion code, not needed anymore.
* Enable hash algorithm selection for LUKS through -h luksFormat option.
2009-07-28 Milan Broz <mbroz@redhat.com>
* Pad luks header to 512 sector size.
* Rework read/write blockwise to not split operation to many pieces.
* Use posix_memalign if available.
2009-07-22 Milan Broz <mbroz@redhat.com>
* Fix segfault if provided slot in luksKillslot is invalid.
* Remove unneeded timeout when remove of temporary device succeeded.
2009-07-22 Milan Broz <mbroz@redhat.com>
* version 1.0.7

1
Makefile.am
View File

@@ -3,7 +3,6 @@ SUBDIRS = \
lib \
src \
man \
tests \
po
ACLOCAL_AMFLAGS = -I m4

98
autogen.sh
View File

@@ -2,21 +2,13 @@
# Run this to generate all the initial makefiles, etc.
srcdir=`dirname $0`
PKG_NAME="cryptsetup"
PKG_NAME="the package."
DIE=0
(autopoint --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have autopoint installed."
echo "Download the appropriate package for your distribution,"
echo "or see http://www.gnu.org/software/gettext"
DIE=1
}
(autoconf --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have autoconf installed to."
echo "**Error**: You must have \`autoconf' installed to."
echo "Download the appropriate package for your distribution,"
echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/"
DIE=1
@@ -25,7 +17,7 @@ DIE=0
(grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && {
(libtool --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have libtool installed."
echo "**Error**: You must have \`libtool' installed."
echo "Get ftp://ftp.gnu.org/pub/gnu/"
echo "(or a newer version if it is available)"
DIE=1
@@ -34,7 +26,7 @@ DIE=0
(automake --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have automake installed."
echo "**Error**: You must have \`automake' installed."
echo "Get ftp://ftp.gnu.org/pub/gnu/"
echo "(or a newer version if it is available)"
DIE=1
@@ -45,7 +37,7 @@ DIE=0
# if no automake, don't bother testing for aclocal
test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: Missing aclocal. The version of automake"
echo "**Error**: Missing \`aclocal'. The version of \`automake'"
echo "installed doesn't appear recent enough."
echo "Get ftp://ftp.gnu.org/pub/gnu/"
echo "(or a newer version if it is available)"
@@ -57,29 +49,73 @@ if test "$DIE" -eq 1; then
fi
if test -z "$*"; then
echo
echo "**Warning**: I am going to run 'configure' with no arguments."
echo "**Warning**: I am going to run \`configure' with no arguments."
echo "If you wish to pass any to it, please specify them on the"
echo \'$0\'" command line."
echo \`$0\'" command line."
echo
fi
echo
echo "Generate build-system by:"
echo " autopoint: $(autopoint --version | head -1)"
echo " aclocal: $(aclocal --version | head -1)"
echo " autoconf: $(autoconf --version | head -1)"
echo " automake: $(automake --version | head -1)"
echo " libtoolize: $(libtoolize --version | head -1)"
echo
case $CC in
xlc )
am_opt=--include-deps;;
esac
for coin in `find $srcdir -name configure.in -a \( ! -regex '.*/\..*' \) -print`
do
dr=`dirname $coin`
if test -f $dr/NO-AUTO-GEN; then
echo skipping $dr -- flagged as no auto-gen
else
echo processing $dr
macrodirs=`sed -n -e 's,AM_ACLOCAL_INCLUDE(\(.*\)),\1,gp' < $coin`
( cd $dr
aclocalinclude="$ACLOCAL_FLAGS"
for k in $macrodirs; do
if test -d $k; then
aclocalinclude="$aclocalinclude -I $k"
##else
## echo "**Warning**: No such directory \`$k'. Ignored."
fi
done
if grep "^AM_GNU_GETTEXT" configure.in >/dev/null; then
if grep "sed.*POTFILES" configure.in >/dev/null; then
: do nothing -- we still have an old unmodified configure.in
else
echo "Creating $dr/aclocal.m4 ..."
test -r $dr/aclocal.m4 || touch $dr/aclocal.m4
echo "Running gettextize... Ignore non-fatal messages."
./setup-gettext
echo "Making $dr/aclocal.m4 writable ..."
test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4
fi
fi
if grep "^AM_GNOME_GETTEXT" configure.in >/dev/null; then
echo "Creating $dr/aclocal.m4 ..."
test -r $dr/aclocal.m4 || touch $dr/aclocal.m4
echo "Running gettextize... Ignore non-fatal messages."
./setup-gettext
echo "Making $dr/aclocal.m4 writable ..."
test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4
fi
if grep "^AM_PROG_LIBTOOL" configure.in >/dev/null; then
echo "Running libtoolize..."
libtoolize --force --copy
fi
echo "Running aclocal $aclocalinclude ..."
aclocal $aclocalinclude
if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then
echo "Running autoheader..."
autoheader
fi
echo "Running automake --gnu $am_opt ..."
automake --add-missing --gnu $am_opt
echo "Running autoconf ..."
autoconf
)
fi
done
set -e
autopoint --force $AP_OPTS
libtoolize --force --copy
aclocal -I m4 $AL_OPTS
autoheader $AH_OPTS
automake --add-missing --gnu $AM_OPTS
autoconf $AC_OPTS
#conf_flags="--enable-maintainer-mode --enable-compile-warnings" #--enable-iso-c
if test x$NOCONFIGURE = x; then
echo Running $srcdir/configure $conf_flags "$@" ...

153
configure.in
View File

@@ -1,12 +1,6 @@
AC_PREREQ(2.57)
AC_INIT(cryptsetup,1.1.1)
dnl library version from <major>.<minor>.<release>[-<suffix>]
LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
LIBCRYPTSETUP_VERSION_INFO=1:0:0
AC_INIT(cryptsetup,1.0.7)
AC_CONFIG_SRCDIR(src/cryptsetup.c)
AC_CONFIG_MACRO_DIR([m4])
AM_CONFIG_HEADER([config.h:config.h.in])
AM_INIT_AUTOMAKE(dist-bzip2)
@@ -31,18 +25,16 @@ AC_HEADER_STDC
AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
ctype.h unistd.h locale.h)
AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR('You need the uuid library')])
AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR('You need the device-mapper library')])
AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR('You need the uuid library (from e2fsprogs)')])
saved_LIBS=$LIBS
AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR('You need the uuid library')])
AC_SUBST(UUID_LIBS, $LIBS)
LIBS=$saved_LIBS
saved_LIBS="$LIBS"
AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR('You need the uuid library (from e2fsprogs)')])
UUID_LIBS="$LIBS"
LIBS="$saved_LIBS"
AC_SUBST(UUID_LIBS)
AC_CHECK_FUNCS(setlocale)
AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR('You need the gcrypt library')])
AC_CHECK_FUNCS([posix_memalign])
AC_C_CONST
AC_C_BIGENDIAN
@@ -59,11 +51,12 @@ AM_GNU_GETTEXT_VERSION([0.15])
dnl ==========================================================================
saved_LIBS=$LIBS
saved_LIBS="$LIBS"
AC_CHECK_LIB(popt, poptConfigFileToString,,
[AC_MSG_ERROR([You need popt 1.7 or newer to compile.])])
AC_SUBST(POPT_LIBS, $LIBS)
LIBS=$saved_LIBS
AC_MSG_ERROR([You need popt 1.7 or newer to compile.]))
POPT_LIBS="$LIBS"
LIBS="$saved_LIBS"
AC_SUBST(POPT_LIBS)
dnl ==========================================================================
@@ -73,86 +66,56 @@ AC_ARG_ENABLE(shared-library,
enable_shared_library=yes)
AM_CONDITIONAL(STATIC_LIBRARY, test x$enable_shared_library = xno)
AC_ARG_ENABLE(plugins,
[ --enable-plugins disable shared library plugins],,enable_plugins=no)
if test "x$enable_plugins" = xyes; then
AC_DEFINE(USE_PLUGINS, 1, [Define if you wish to use the plugin loader])
fi
AC_ARG_ENABLE(, [
Modules:
--with-MODULE[[=shared]] builds the module MODULE as a shared library plugin
],,)
AC_ARG_ENABLE(all,
[ --disable-all disable all modules built by default],,enable_all=default)
MODULE_HELPER(libgcrypt,
[ --enable-libgcrypt enable libgcrypt crypto functions [[default=auto]]],auto,[
AM_PATH_LIBGCRYPT(1.1.42,have_module=yes)
])
AM_CONDITIONAL(BUILD_LIBGCRYPT, test x$build_static = xyes)
AM_CONDITIONAL(SHARED_LIBGCRYPT, test x$build_shared = xyes)
AC_ARG_ENABLE(selinux,
[ --disable-selinux disable selinux support [[default=auto]]],[], [])
AC_ARG_ENABLE([udev],AS_HELP_STRING([--disable-udev],[disable udev support]),[], enable_udev=yes)
dnl Try to use pkg-config for devmapper, but fallback to old detection
saved_LIBS=$LIBS
if AC_RUN_LOG([pkg-config --exists --print-errors devmapper]); then
PKG_PROG_PKG_CONFIG
if test x$enable_static = xyes; then
PKG_CONFIG="$PKG_CONFIG --static"
fi
PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= 1.02.03])
LIBS="$LIBS $DEVMAPPER_LIBS"
else
AC_CHECK_LIB(devmapper, dm_task_set_name,,
[AC_MSG_ERROR('You need the device-mapper library')])
AC_CHECK_LIB(devmapper, dm_task_set_message,,
[AC_MSG_ERROR([The device-mapper library on your system is too old.])])
DEVMAPPER_LIBS=$LIBS
fi
AC_CHECK_FUNCS([dm_task_set_cookie], [have_cookie=yes], [have_cookie=no])
if test "x$enable_udev" = xyes; then
if test "x$have_cookie" = xno; then
AC_MSG_WARN([The device-mapper library on your system has no udev support, udev support disabled.])
else
AC_DEFINE(USE_UDEV, 1, [Try to use udev synchronisation?])
fi
fi
LIBS=$saved_LIBS
if test "x$enable_selinux" != xno; then
AC_CHECK_LIB(sepol, sepol_bool_set)
AC_CHECK_LIB(selinux, is_selinux_enabled)
if test x$enable_static = xyes; then
SELINUX_STATIC_LIBS=$LIBS
MODULE_HELPER(libdevmapper,
[ --enable-libdevmapper enable dm-crypt backend through libdevmapper
[[default=auto]]],auto,[
have_module=yes
saved_LIBS="$LIBS"
if test "x$enable_selinux" != xno; then
AC_CHECK_LIB(sepol, sepol_bool_set)
AC_CHECK_LIB(selinux, is_selinux_enabled)
# Check if we need -pthread with --enable-static and selinux
saved_LIBS2=$LIBS
LIBS="$LIBS -static"
AC_SEARCH_LIBS([pthread_mutex_lock], [pthread],
[test "$ac_cv_search_pthread_mutex_lock" = "none required" || LIB_PTHREAD=-lpthread])
LIBS=$saved_LIBS2
if test x$build_static = xyes; then
saved_LIBS2="$LIBS"
LIBS="$LIBS -static"
AC_SEARCH_LIBS([pthread_mutex_lock], [pthread],
[test "$ac_cv_search_pthread_mutex_lock" = "none required" || LIB_PTHREAD=-lpthread])
LIBS="$saved_LIBS2"
fi
fi
fi
LIBS=$saved_LIBS
DEVMAPPER_LIBS="$DEVMAPPER_LIBS $LIB_PTHREAD"
AC_SUBST([DEVMAPPER_LIBS])
AC_SUBST([SELINUX_STATIC_LIBS])
AC_SUBST([LIBCRYPTSETUP_VERSION])
AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
dnl ==========================================================================
AC_DEFUN([CS_DEFINE],
[AC_DEFINE_UNQUOTED(DEFAULT_[]m4_translit([$1], [-a-z], [_A-Z]), [$2], [$3])
AC_CHECK_LIB(devmapper, dm_task_set_name,,unset have_module)
AC_CHECK_HEADER(libdevmapper.h,,unset have_module)
LIBDEVMAPPER_LIBS="$LIBS $LIB_PTHREAD"
LIBS="$saved_LIBS"
AC_SUBST(LIBDEVMAPPER_LIBS)
AC_SUBST(LIBDEVMAPPER_CFLAGS)
])
AC_DEFUN([CS_STR_WITH], [AC_ARG_WITH([$1],
[AS_HELP_STRING(--with-[$1], [default $2 [$3]])],
[CS_DEFINE([$1], ["$withval"], [$2])],
[CS_DEFINE([$1], ["$3"], [$2])]
)])
AC_DEFUN([CS_NUM_WITH], [AC_ARG_WITH([$1],
[AS_HELP_STRING(--with-[$1], [default $2 [$3]])],
[CS_DEFINE([$1], [$withval], [$2])],
[CS_DEFINE([$1], [$3], [$2])]
)])
CS_STR_WITH([plain-hash], [password hashing function for plain mode], [ripemd160])
CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes])
CS_STR_WITH([plain-mode], [cipher mode for plain mode], [cbc-essiv:sha256])
CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256])
CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha1])
CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [cbc-essiv:sha256])
CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
AM_CONDITIONAL(BUILD_LIBDEVMAPPER, test x$build_static = xyes)
AM_CONDITIONAL(SHARED_LIBDEVMAPPER, test x$build_shared = xyes)
dnl ==========================================================================
@@ -163,10 +126,8 @@ dnl ==========================================================================
AC_OUTPUT([ Makefile
lib/Makefile
lib/libcryptsetup.pc
src/Makefile
po/Makefile.in
luks/Makefile
man/Makefile
tests/Makefile
])

61
lib/Makefile.am
View File

@@ -1,7 +1,28 @@
moduledir = $(libdir)/cryptsetup
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcryptsetup.pc
if BUILD_LIBDEVMAPPER
_LIBDEVMAPPER_LIBADD = @LIBDEVMAPPER_LIBS@
_LIBDEVMAPPER_SOURCES = libdevmapper.c
_LIBDEVMAPPER_CFLAGS = -DBUILTIN_LIBDEVMAPPER
endif
libbbackend_devmapper_la_SOURCES = libdevmapper.c
libbbackend_devmapper_la_LDFLAGS = -avoid-version -module
libbbackend_devmapper_la_LIBADD = @LIBDEVMAPPER_LIBS@
if SHARED_LIBDEVMAPPER
_LIBDEVMAPPER_SHLIB = libbbackend_devmapper.la
endif
if BUILD_LIBGCRYPT
_LIBGCRYPT_LIBADD = @LIBGCRYPT_LIBS@
_LIBGCRYPT_SOURCES = gcrypt.c
_LIBGCRYPT_CFLAGS = -DBUILTIN_GCRYPT
endif
libcrypto_gcrypt_la_SOURCES = gcrypt.c
libcrypto_gcrypt_la_LDFLAGS = -avoid-version -module
libcrypto_gcrypt_la_LIBADD = @LIBGCRYPT_LIBS@
if SHARED_LIBGCRYPT
_LIBGCRYPT_SHLIB = libcrypto_gcrypt.la
endif
INCLUDES = \
-I$(top_srcdir) \
@@ -13,41 +34,43 @@ INCLUDES = \
-DVERSION=\""$(VERSION)"\" \
-D_GNU_SOURCE \
-D_LARGEFILE64_SOURCE \
-D_FILE_OFFSET_BITS=64
-D_FILE_OFFSET_BITS=64 \
@LIBDEVMAPPER_CFLAGS@ \
$(_LIBDEVMAPPER_CFLAGS) \
@LIBGCRYPT_CFLAGS@ \
$(_LIBGCRYPT_CFLAGS)
lib_LTLIBRARIES = libcryptsetup.la
lib_LTLIBRARIES = \
libcryptsetup.la
module_LTLIBRARIES = \
$(_LIBDEVMAPPER_SHLIB) \
$(_LIBGCRYPT_SHLIB)
if STATIC_LIBRARY
_STATIC_LIBRARY = -static
endif
libcryptsetup_la_DEPENDENCIES = libcryptsetup.sym
libcryptsetup_la_LDFLAGS = \
$(_STATIC_LIBRARY) \
-Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \
-version-info @LIBCRYPTSETUP_VERSION_INFO@
$(_STATIC_LIBRARY)
libcryptsetup_la_CFLAGS = -Wall @LIBGCRYPT_CFLAGS@
libcryptsetup_la_CFLAGS = -Wall
libcryptsetup_la_LIBADD = \
$(_LIBDEVMAPPER_LIBADD) \
$(_LIBGCRYPT_LIBADD) \
@UUID_LIBS@ \
@DEVMAPPER_LIBS@ \
@LIBGCRYPT_LIBS@ \
../luks/libluks.la
libcryptsetup_la_SOURCES = \
setup.c \
internal.h \
nls.h \
blockdev.h \
libcryptsetup.h \
utils.c \
utils_debug.c \
backends.c \
libdevmapper.c \
gcrypt.c
$(_LIBDEVMAPPER_SOURCES) \
$(_LIBGCRYPT_SOURCES)
include_HEADERS = libcryptsetup.h
EXTRA_DIST = libcryptsetup.pc.in libcryptsetup.sym
include_HEADERS = \
libcryptsetup.h

39
lib/backends.c
View File

@@ -7,9 +7,27 @@
#include "internal.h"
extern struct hash_backend hash_gcrypt_backend;
extern struct setup_backend setup_libdevmapper_backend;
#ifdef USE_PLUGINS
static void init_plugins(void)
{
}
#else /* USE_PLUGINS */
# define init_plugins() do { } while(0)
#endif /* USE_PLUGINS */
static struct hash_backend *hash_backends[] = {
#ifdef BUILTIN_GCRYPT
&hash_gcrypt_backend,
#endif
NULL
};
static struct setup_backend *setup_backends[] = {
#ifdef BUILTIN_LIBDEVMAPPER
&setup_libdevmapper_backend,
#endif
NULL
};
@@ -17,6 +35,8 @@ struct hash_backend *get_hash_backend(const char *name)
{
struct hash_backend **backend;
init_plugins();
for(backend = hash_backends; *backend; backend++)
if (!name || strcmp(name, (*backend)->name) == 0)
break;
@@ -94,3 +114,22 @@ out:
return r;
}
struct setup_backend *get_setup_backend(const char *name)
{
struct setup_backend **backend;
init_plugins();
for(backend = setup_backends; *backend; backend++)
if (!name || strcmp(name, (*backend)->name) == 0)
break;
return *backend;
}
void put_setup_backend(struct setup_backend *backend)
{
#ifdef USE_PLUGINS
#endif
}

28
lib/gcrypt.c
View File

@@ -1,7 +1,6 @@
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <gcrypt.h>
#include "libcryptsetup.h"
@@ -10,33 +9,6 @@
#define MAX_DIGESTS 64
#define GCRYPT_REQ_VERSION "1.1.42"
int init_crypto(void)
{
if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
if (!gcry_check_version (GCRYPT_REQ_VERSION))
return -ENOSYS;
/* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
* it drops all privileges during secure memory initialisation.
* For now, the only workaround is to disable secure memory in gcrypt.
* cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
* and it locks its memory space anyway.
*/
#if 0
log_dbg("Initializing crypto backend (secure memory disabled).");
gcry_control (GCRYCTL_DISABLE_SECMEM);
#else
log_dbg("Initializing crypto backend (using secure memory).");
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
#endif
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
}
return 0;
}
static int gcrypt_hash(void *data, int size, char *key,
int sizep, const char *passphrase)
{

84
lib/internal.h
View File

@@ -8,15 +8,9 @@
#include <stdint.h>
#include <stdarg.h>
#include <unistd.h>
#include <inttypes.h>
#include "nls.h"
#define SECTOR_SHIFT 9
#define SECTOR_SIZE (1 << SECTOR_SHIFT)
#define DEFAULT_ALIGNMENT 4096
#define MAX_TTY_PASSWORD_LEN 512
/* private struct crypt_options flags */
@@ -25,8 +19,6 @@
#define CRYPT_FLAG_PRIVATE_MASK ((unsigned int)-1 << 24)
#define at_least(a, b) ({ __typeof__(a) __at_least = (a); (__at_least >= (b))?__at_least:(b); })
struct hash_type {
char *name;
void *private;
@@ -40,13 +32,18 @@ struct hash_backend {
void (*free_hashes)(struct hash_type *hashes);
};
struct device_infos {
uint64_t size;
int readonly;
};
struct setup_backend {
const char *name;
int (*init)(void);
void (*exit)(void);
int (*create)(int reload, struct crypt_options *options,
const char *key, const char *uuid);
int (*status)(int details, struct crypt_options *options,
char **key);
int (*remove)(int force, struct crypt_options *options);
struct crypt_device;
int crypt_confirm(struct crypt_device *cd, const char *msg);
const char * (*dir)(void);
};
void set_error_va(const char *fmt, va_list va);
void set_error(const char *fmt, ...);
@@ -55,74 +52,25 @@ void *safe_alloc(size_t size);
void safe_free(void *data);
void *safe_realloc(void *data, size_t size);
char *safe_strdup(const char *s);
void set_debug_level(int level);
int init_crypto(void);
struct hash_backend *get_hash_backend(const char *name);
void put_hash_backend(struct hash_backend *backend);
int hash(const char *backend_name, const char *hash_name,
char *result, size_t size,
const char *passphrase, size_t sizep);
void hexprint(char *d, int n);
struct setup_backend *get_setup_backend(const char *name);
void put_setup_backend(struct setup_backend *backend);
/* Device mapper backend */
const char *dm_get_dir(void);
int dm_init(struct crypt_device *context, int check_kernel);
void dm_exit(void);
int dm_remove_device(const char *name, int force, uint64_t size);
int dm_status_device(const char *name);
int dm_query_device(const char *name,
char **device,
uint64_t *size,
uint64_t *skip,
uint64_t *offset,
char **cipher,
int *key_size,
char **key,
int *read_only,
int *suspended,
char **uuid);
int dm_create_device(const char *name, const char *device, const char *cipher,
const char *type, const char *uuid,
uint64_t size, uint64_t skip, uint64_t offset,
size_t key_size, const char *key,
int read_only, int reload);
int dm_suspend_and_wipe_key(const char *name);
int dm_resume_and_reinstate_key(const char *name,
size_t key_size,
const char *key);
void hexprint(char *d, int n);
int sector_size_for_device(const char *device);
ssize_t write_blockwise(int fd, const void *buf, size_t count);
ssize_t read_blockwise(int fd, void *_buf, size_t count);
ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset);
int device_ready(struct crypt_device *cd, const char *device, int mode);
int get_device_infos(const char *device, struct device_infos *infos, struct crypt_device *cd);
int wipe_device_header(const char *device, int sectors);
void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
const char *key_file, int timeout, int how2verify,
struct crypt_device *cd);
int parse_into_name_and_mode(const char *nameAndMode, char *name, char *mode);
void logger(struct crypt_device *cd, int class, const char *file, int line, const char *format, ...);
#define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
#define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
#define log_err(c, x...) do { \
logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x); \
set_error(x); } while(0)
int crypt_get_debug_level(void);
void debug_processes_using_device(const char *name);
int crypt_memlock_inc(struct crypt_device *ctx);
int crypt_memlock_dec(struct crypt_device *ctx);
void get_topology_alignment(const char *device,
unsigned long *required_alignment, /* bytes */
unsigned long *alignment_offset, /* bytes */
unsigned long default_alignment);
int get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
const char *key_file, int passphrase_fd, int timeout, int how2verify);
#endif /* INTERNAL_H */

522
lib/libcryptsetup.h
View File

@@ -6,521 +6,16 @@ extern "C" {
#include <stdint.h>
struct crypt_device; /* crypt device handle */
/**
* Initialise crypt device handle and check if provided device exists.
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - returns pointer to crypt device handle
* @device - path to device
*
* Note that logging is not initialized here, possible messages uses
* default log function.
*/
int crypt_init(struct crypt_device **cd, const char *device);
/**
* Initialise crypt device handle from provided active device name
* and check if provided device exists.
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @name - name of active crypt device
*/
int crypt_init_by_name(struct crypt_device **cd, const char *name);
/**
* Set log function.
*
* @cd - crypt device handle (can be NULL to set default log function)
* @usrptr - provided identification in callback
* @level - log level below (debug messages can uses other levels)
* @msg - log message
*/
#define CRYPT_LOG_NORMAL 0
#define CRYPT_LOG_ERROR 1
#define CRYPT_LOG_DEBUG -1 /* always on stdout */
void crypt_set_log_callback(struct crypt_device *cd,
void (*log)(int level, const char *msg, void *usrptr),
void *usrptr);
/**
* Log message through log function.
*
* @cd - crypt device handle
* @level - log level
* @msg - log message
*/
void crypt_log(struct crypt_device *cd, int level, const char *msg);
/**
* Set confirmation callback (yes/no)
*
* If code need confirmation (like deleting last key slot) this function
* is called. If not defined, everything is confirmed.
*
* Calback should return 0 if operation is declined, other values mean accepted.
*
* @cd - crypt device handle
* @usrptr - provided identification in callback
* @msg - Message for user to confirm
*/
void crypt_set_confirm_callback(struct crypt_device *cd,
int (*confirm)(const char *msg, void *usrptr),
void *usrptr);
/**
* Set password query callback.
*
* If code need _interactive_ query for password, this callback is called.
* If not defined, compiled-in default is called (uses terminal input).
*
* @cd - crypt device handle
* @usrptr - provided identification in callback
* @msg - Message for user
* @buf - buffer for password
* @length - size of buffer
*
* - Note that if this function is defined, verify option is ignored
* (caller whch provided callback is responsible fo password verification)
* - Only zero terminated passwords can be enteted this way, for complex
* API functions directly.
* - Maximal length of password is limited to @length-1 (minimal 511 chars)
*/
void crypt_set_password_callback(struct crypt_device *cd,
int (*password)(const char *msg, char *buf, size_t length, void *usrptr),
void *usrptr);
/**
* Various crypt device parameters
*
* @cd - crypt device handle
* @timeout - timeout in secons for password entry if compiled-in function used
* @password_retry - number of tries for password if not verified
* @iteration_time - iteration time for LUKS header in miliseconds
* @password_verify - for compiled-in password query always verify passwords twice
*/
void crypt_set_timeout(struct crypt_device *cd, uint64_t timeout_sec);
void crypt_set_password_retry(struct crypt_device *cd, int tries);
void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms);
void crypt_set_password_verify(struct crypt_device *cd, int password_verify);
/**
* Helper to lock/unlock memory to avoid swap sensitive data to disk
*
* @cd - crypt device handle, can be NULL
* @lock - 0 to unloct otherwise lock memory
*
* Return value indicates that memory is locked (function can be called multiple times).
* Only root can do this. Note it locks/unlocks all process memory, not only crypt context.
*/
int crypt_memory_lock(struct crypt_device *cd, int lock);
#define CRYPT_PLAIN "PLAIN" /* regular crypt device, no on-disk header */
#define CRYPT_LUKS1 "LUKS1" /* LUKS version 1 header on-disk */
struct crypt_params_plain {
const char *hash; /* password hash function */
uint64_t offset; /* offset in sectors */
uint64_t skip; /* IV initilisation sector */
};
struct crypt_params_luks1 {
const char *hash; /* hash used in LUKS header */
size_t data_alignment; /* in sectors, data offset is multiple of this */
};
/**
* Create (format) new crypt device (and possible header on-disk) but not activates it.
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @type - type of device (optional params struct must be of this type)
* @cipher - (e.g. "aes")
* @cipher_mode - including IV specification (e.g. "xts-plain")
* @uuid - requested UUID or NULL if it should be generated
* @volume_key - pre-generated volume key or NULL if it should be generated (only for LUKS)
* @volume_key_size - size og volume key in bytes.
* @params - crypt type specific parameters
*
* Note that crypt_format do not enable any keyslot, but it stores volume key internally
* and subsequent crypt_keyslot_add_* calls can be used.
* (It is the only situation when crypt_keyslot_add_* do not require active key slots.)
*/
int crypt_format(struct crypt_device *cd,
const char *type,
const char *cipher,
const char *cipher_mode,
const char *uuid,
const char *volume_key,
size_t volume_key_size,
void *params);
/**
* Load crypt device parameters from on-disk header
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @requested_type - use NULL for all known
* @params - crypt type specific parameters
*/
int crypt_load(struct crypt_device *cd,
const char *requested_type,
void *params);
/**
* Suspends crypt device.
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle, can be NULL
* @name - name of device to suspend
*/
int crypt_suspend(struct crypt_device *cd,
const char *name);
/**
* Resumes crypt device using passphrase.
*
* Returns unlocked key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @name - name of device to resume
* @keyslot - requested keyslot or CRYPT_ANY_SLOT
* @passphrase - passphrase used to unlock volume key, NULL for query
* @passphrase_size - size of @passphrase (binary data)
*/
int crypt_resume_by_passphrase(struct crypt_device *cd,
const char *name,
int keyslot,
const char *passphrase,
size_t passphrase_size);
/**
* Resumes crypt device using key file.
*
* Returns unlocked key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @name - name of device to resume
* @keyslot - requested keyslot or CRYPT_ANY_SLOT
* @keyfile - key file used to unlock volume key, NULL for passphrase query
* @keyfile_size - number of bytes to read from @keyfile, 0 is unlimited
*/
int crypt_resume_by_keyfile(struct crypt_device *cd,
const char *name,
int keyslot,
const char *keyfile,
size_t keyfile_size);
/**
* Releases crypt device context and used memory.
*
* @cd - crypt device handle
*/
void crypt_free(struct crypt_device *cd);
/**
* Add key slot using provided passphrase
*
* Returns allocated key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @keyslot - requested keyslot or CRYPT_ANY_SLOT
* @passphrase - passphrase used to unlock volume key, NULL for query
* @passphrase_size - size of @passphrase (binary data)
* @new_passphrase - passphrase for new keyslot, NULL for query
* @new_passphrase_size - size of @new_passphrase (binary data)
*/
#define CRYPT_ANY_SLOT -1
int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
int keyslot,
const char *passphrase,
size_t passphrase_size,
const char *new_passphrase,
size_t new_passphrase_size);
/**
* Add key slot using provided key file path
*
* Returns allocated key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @keyslot - requested keyslot or CRYPT_ANY_SLOT
* @keyfile - key file used to unlock volume key, NULL for passphrase query
* @keyfile_size - number of bytes to read from @keyfile, 0 is unlimited
* @new_keyfile - keyfile for new keyslot, NULL for passphrase query
* @new_keyfile_size - number of bytes to read from @new_keyfile, 0 is unlimited
*
* Note that @keyfile can be "-" for STDIN
*/
int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
int keyslot,
const char *keyfile,
size_t keyfile_size,
const char *new_keyfile,
size_t new_keyfile_size);
/**
* Add key slot using provided volume key
*
* Returns allocated key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @keyslot - requested keyslot or CRYPT_ANY_SLOT
* @volume_key - provided volume key or NULL if used after crypt_format
* @volume_key_size - size of @volume_key
* @passphrase - passphrase for new keyslot, NULL for query
* @passphrase_size - size of @passphrase
*/
int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
int keyslot,
const char *volume_key,
size_t volume_key_size,
const char *passphrase,
size_t passphrase_size);
/**
* Destroy (and disable) key slot
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @keyslot - requested key slot to destroy
*
* Note that there is no passphrase verification used.
*/
int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
/**
* Activation flags
*/
#define CRYPT_ACTIVATE_READONLY (1 << 0)
#define CRYPT_ACTIVATE_NO_UUID (1 << 1)
/**
* Activate device or check passphrase
*
* Returns unlocked key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @name - name of device to create, if NULL only check passphrase
* @keyslot - requested keyslot to check or CRYPT_ANY_SLOT
* @passphrase - passphrase used to unlock volume key, NULL for query
* @passphrase_size - size of @passphrase
* @flags - activation flags
*/
int crypt_activate_by_passphrase(struct crypt_device *cd,
const char *name,
int keyslot,
const char *passphrase,
size_t passphrase_size,
uint32_t flags);
/**
* Activate device or check using key file
*
* Returns unlocked key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @name - name of device to create, if NULL only check keyfile
* @keyslot - requested keyslot to check or CRYPT_ANY_SLOT
* @keyfile - key file used to unlock volume key
* @keyfile_size - number of bytes to read from @keyfile, 0 is unlimited
* @flags - activation flags
*/
int crypt_activate_by_keyfile(struct crypt_device *cd,
const char *name,
int keyslot,
const char *keyfile,
size_t keyfile_size,
uint32_t flags);
/**
* Activate device using provided volume key
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @name - name of device to create, if NULL only check volume key
* @volume_key - provided volume key
* @volume_key_size - size of @volume_key
* @flags - activation flags
*/
int crypt_activate_by_volume_key(struct crypt_device *cd,
const char *name,
const char *volume_key,
size_t volume_key_size,
uint32_t flags);
/**
* Deactivate crypt device
*
* @cd - crypt device handle, can be NULL
* @name - name of device to deactivate
*/
int crypt_deactivate(struct crypt_device *cd, const char *name);
/**
* Get volume key from of crypt device
*
* Returns unlocked key slot number or negative errno otherwise.
*
* @cd - crypt device handle
* @keyslot - use this keyslot or CRYPT_ANY_SLOT
* @volume_key - buffer for volume key
* @volume_key_size - on input, size of buffer @volume_key,
* on output size of @volume_key
* @passphrase - passphrase used to unlock volume key, NULL for query
* @passphrase_size - size of @passphrase
*/
int crypt_volume_key_get(struct crypt_device *cd,
int keyslot,
char *volume_key,
size_t *volume_key_size,
const char *passphrase,
size_t passphrase_size);
/**
* Verify that provided volume key is valid for crypt device
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @volume_key - provided volume key
* @volume_key_size - size of @volume_key
*/
int crypt_volume_key_verify(struct crypt_device *cd,
const char *volume_key,
size_t volume_key_size);
/**
* Get status info about device name
*
* Returns value defined by crypt_status_info.
*
* @cd - crypt device handle, can be NULL
* @name -crypt device name
*
* CRYPT_INACTIVE - no such mapped device
* CRYPT_ACTIVE - device is active
* CRYPT_BUSY - device is active and has open count > 0
*/
typedef enum {
CRYPT_INVALID,
CRYPT_INACTIVE,
CRYPT_ACTIVE,
CRYPT_BUSY
} crypt_status_info;
crypt_status_info crypt_status(struct crypt_device *cd, const char *name);
/**
* Dump text-formatted information about crypt device to log output
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle, can be NULL
*/
int crypt_dump(struct crypt_device *cd);
/**
* Various crypt device info functions
*
* @cd - crypt device handle
*
* cipher - used cipher, e.g. "aes" or NULL otherwise
* cipher_mode - used cipher mode including IV, e.g. "xts-plain" or NULL otherwise
* uuid - device UUID or NULL if not set
* data_offset - device offset in sectors where real data starts on underlying device)
* volume_key_size - size (in bytes) of volume key for crypt device
*/
const char *crypt_get_cipher(struct crypt_device *cd);
const char *crypt_get_cipher_mode(struct crypt_device *cd);
const char *crypt_get_uuid(struct crypt_device *cd);
uint64_t crypt_get_data_offset(struct crypt_device *cd);
int crypt_get_volume_key_size(struct crypt_device *cd);
/**
* Get information about particular key slot
*
* Returns value defined by crypt_keyslot_info.
*
* @cd - crypt device handle
* @keyslot - requested keyslot to check or CRYPT_ANY_SLOT
*/
typedef enum {
CRYPT_SLOT_INVALID,
CRYPT_SLOT_INACTIVE,
CRYPT_SLOT_ACTIVE,
CRYPT_SLOT_ACTIVE_LAST
} crypt_keyslot_info;
crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);
/**
* Backup header and keyslots to file
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @requested_type - type of header to backup
* @backup_file - file to backup header to
*/
int crypt_header_backup(struct crypt_device *cd,
const char *requested_type,
const char *backup_file);
/**
* Restore header and keyslots from backup file
*
* Returns 0 on success or negative errno value otherwise.
*
* @cd - crypt device handle
* @requested_type - type of header to restore
* @backup_file - file to restore header from
*/
int crypt_header_restore(struct crypt_device *cd,
const char *requested_type,
const char *backup_file);
/**
* Receives last reported error
*
* @buf - buffef for message
* @size - size of buffer
*
* Note that this is old API function using global context.
* All error messages are reported also through log callback.
*/
void crypt_get_error(char *buf, size_t size);
/**
* Get directory where mapped crypt devices are created
*/
const char *crypt_get_dir(void);
/**
* Set library debug level
*/
#define CRYPT_DEBUG_ALL -1
#define CRYPT_DEBUG_NONE 0
void crypt_set_debug_level(int level);
/**
* OLD DEPRECATED API **********************************
*
* Provided only for backward compatibility.
*/
struct interface_callbacks {
struct interface_callbacks {
int (*yesDialog)(char *msg);
void (*log)(int level, char *msg);
void (*log)(int class, char *msg);
};
#define CRYPT_FLAG_VERIFY (1 << 0)
#define CRYPT_FLAG_READONLY (1 << 1)
#define CRYPT_FLAG_VERIFY_IF_POSSIBLE (1 << 2)
@@ -537,9 +32,9 @@ struct crypt_options {
const char *passphrase;
int passphrase_fd;
const char *key_file;
const char *new_key_file;
const char *new_key_file;
int key_size;
unsigned int flags;
int key_slot;
@@ -547,9 +42,9 @@ struct crypt_options {
uint64_t offset;
uint64_t skip;
uint64_t iteration_time;
uint64_t timeout;
uint64_t timeout;
uint64_t align_payload;
uint64_t align_payload;
int tries;
struct interface_callbacks *icb;
@@ -567,9 +62,12 @@ int crypt_luksRemoveKey(struct crypt_options *options);
int crypt_luksAddKey(struct crypt_options *options);
int crypt_luksUUID(struct crypt_options *options);
int crypt_isLuks(struct crypt_options *options);
int crypt_luksFormat(struct crypt_options *options);
int crypt_luksDump(struct crypt_options *options);
void crypt_get_error(char *buf, size_t size);
void crypt_put_options(struct crypt_options *options);
const char *crypt_get_dir(void);
#ifdef __cplusplus
}

10
lib/libcryptsetup.pc.in
View File

@@ -1,10 +0,0 @@
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: cryptsetup
Description: cryptsetup library
Version: @LIBCRYPTSETUP_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lcryptsetup

65
lib/libcryptsetup.sym
View File

@@ -1,65 +0,0 @@
CRYPTSETUP_1.0 {
global:
crypt_init;
crypt_init_by_name;
crypt_set_log_callback;
crypt_set_confirm_callback;
crypt_set_password_callback;
crypt_set_timeout;
crypt_set_password_retry;
crypt_set_iterarion_time;
crypt_set_password_verify;
crypt_memory_lock;
crypt_format;
crypt_load;
crypt_suspend;
crypt_resume_by_passphrase;
crypt_resume_by_keyfile;
crypt_free;
crypt_keyslot_add_by_passphrase;
crypt_keyslot_add_by_keyfile;
crypt_keyslot_add_by_volume_key;
crypt_keyslot_destroy;
crypt_activate_by_passphrase;
crypt_activate_by_keyfile;
crypt_activate_by_volume_key;
crypt_deactivate;
crypt_volume_key_get;
crypt_volume_key_verify;
crypt_status;
crypt_dump;
crypt_get_cipher;
crypt_get_cipher_mode;
crypt_get_uuid;
crypt_get_data_offset;
crypt_get_volume_key_size;
crypt_keyslot_status;
crypt_get_error;
crypt_get_dir;
crypt_set_debug_level;
crypt_log;
crypt_header_backup;
crypt_header_restore;
crypt_create_device;
crypt_update_device;
crypt_resize_device;
crypt_query_device;
crypt_remove_device;
crypt_luksFormat;
crypt_luksOpen;
crypt_luksKillSlot;
crypt_luksRemoveKey;
crypt_luksAddKey;
crypt_luksUUID;
crypt_isLuks;
crypt_luksDump;
crypt_put_options;
local:
*;
};

687
lib/libdevmapper.c
View File

@@ -1,148 +1,63 @@
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdarg.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <dirent.h>
#include <errno.h>
#include <libdevmapper.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <uuid/uuid.h>
#include "libcryptsetup.h"
#include "internal.h"
#include "luks.h"
#define DEVICE_DIR "/dev"
#define DM_UUID_LEN 129
#define DM_UUID_PREFIX "CRYPT-"
#define DM_UUID_PREFIX_LEN 6
#define DM_UUID_LEN UUID_STRING_L
#define DM_CRYPT_TARGET "crypt"
#define RETRY_COUNT 5
/* Set if dm-crypt version was probed */
static int _dm_crypt_checked = 0;
static int _dm_crypt_wipe_key_supported = 0;
static int _dm_use_count = 0;
static struct crypt_device *_context = NULL;
/* Compatibility for old device-mapper without udev support */
#ifndef HAVE_DM_TASK_SET_COOKIE
#define CRYPT_TEMP_UDEV_FLAGS 0
static int dm_task_set_cookie(struct dm_task *dmt, uint32_t *cookie, uint16_t flags) { return 0; }
static int dm_udev_wait(uint32_t cookie) { return 0; };
#else
#define CRYPT_TEMP_UDEV_FLAGS DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG | \
DM_UDEV_DISABLE_DISK_RULES_FLAG | \
DM_UDEV_DISABLE_OTHER_RULES_FLAG
#endif
static int _dm_use_udev()
{
#ifdef USE_UDEV /* cannot be enabled if devmapper is too old */
return dm_udev_get_sync_support();
#else
return 0;
#endif
}
static void set_dm_error(int level, const char *file, int line,
const char *f, ...)
const char *f, ...)
{
char *msg = NULL;
va_list va;
if (level > 3)
return;
va_start(va, f);
if (vasprintf(&msg, f, va) > 0) {
if (level < 4) {
log_err(_context, msg);
log_err(_context, "\n");
} else
log_dbg(msg);
}
free(msg);
set_error_va(f, va);
va_end(va);
}
static int _dm_simple(int task, const char *name, int udev_wait);
static int _dm_simple(int task, const char *name);
static void _dm_set_crypt_compat(int maj, int min, int patch)
static int dm_init(void)
{
log_dbg("Detected dm-crypt target of version %i.%i.%i.", maj, min, patch);
if (maj >= 1 && min >=2)
_dm_crypt_wipe_key_supported = 1;
else
log_dbg("Suspend and resume disabled, no wipe key support.");
_dm_crypt_checked = 1;
}
static int _dm_check_versions(void)
{
struct dm_task *dmt;
struct dm_versions *target, *last_target;
if (_dm_crypt_checked)
return 1;
if (!(dmt = dm_task_create(DM_DEVICE_LIST_VERSIONS)))
return 0;
if (!dm_task_run(dmt)) {
dm_task_destroy(dmt);
return 0;
dm_log_init(set_dm_error);
if (!_dm_simple(DM_DEVICE_LIST_VERSIONS, "test")) {
set_error("Cannot communicate with device-mapper. Is the dm_mod module loaded?");
return -1;
}
target = dm_task_get_versions(dmt);
do {
last_target = target;
if (!strcmp(DM_CRYPT_TARGET, target->name)) {
_dm_set_crypt_compat((int)target->version[0],
(int)target->version[1],
(int)target->version[2]);
}
target = (void *) target + target->next;
} while (last_target != target);
dm_task_destroy(dmt);
return 1;
}
int dm_init(struct crypt_device *context, int check_kernel)
{
if (!_dm_use_count++) {
log_dbg("Initialising device-mapper backend%s, UDEV is %sabled.",
check_kernel ? "" : " (NO kernel check requested)",
_dm_use_udev() ? "en" : "dis");
if (check_kernel && !_dm_check_versions()) {
log_err(context, _("Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"));
return -1;
}
if (getuid() || geteuid())
log_dbg(("WARNING: Running as a non-root user. Functionality may be unavailable."));
dm_log_init(set_dm_error);
dm_log_init_verbose(10);
}
// FIXME: global context is not safe
if (context)
_context = context;
return 1; /* unsafe memory */
}
void dm_exit(void)
static void dm_exit(void)
{
if (_dm_use_count && (!--_dm_use_count)) {
log_dbg("Releasing device-mapper backend.");
dm_log_init_verbose(0);
dm_log_init(NULL);
dm_lib_release();
_context = NULL;
}
dm_log_init(NULL);
dm_lib_release();
}
static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level)
static char *__lookup_dev(char *path, dev_t dev)
{
struct dirent *entry;
struct stat st;
@@ -151,10 +66,6 @@ static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_le
DIR *dir;
int space;
/* Ignore strange nested directories */
if (dir_level > max_level)
return NULL;
path[PATH_MAX - 1] = '\0';
ptr = path + strlen(path);
*ptr++ = '/';
@@ -166,22 +77,20 @@ static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_le
return NULL;
while((entry = readdir(dir))) {
if (entry->d_name[0] == '.' ||
!strncmp(entry->d_name, "..", 2))
if (entry->d_name[0] == '.' &&
(entry->d_name[1] == '\0' || (entry->d_name[1] == '.' &&
entry->d_name[2] == '\0')))
continue;
strncpy(ptr, entry->d_name, space);
if (stat(path, &st) < 0)
if (lstat(path, &st) < 0)
continue;
if (S_ISDIR(st.st_mode)) {
result = __lookup_dev(path, dev, dir_level + 1, max_level);
result = __lookup_dev(path, dev);
if (result)
break;
} else if (S_ISBLK(st.st_mode)) {
/* workaround: ignore dm-X devices, these are internal kernel names */
if (dir_level == 0 && !strncmp(entry->d_name, "dm-", 3))
continue;
if (st.st_rdev == dev) {
result = strdup(path);
break;
@@ -190,38 +99,22 @@ static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_le
}
closedir(dir);
return result;
}
static char *lookup_dev(const char *dev_id)
static char *lookup_dev(const char *dev)
{
uint32_t major, minor;
dev_t dev;
char *result, buf[PATH_MAX + 1];
char buf[PATH_MAX + 1];
if (sscanf(dev_id, "%" PRIu32 ":%" PRIu32, &major, &minor) != 2)
if (sscanf(dev, "%" PRIu32 ":%" PRIu32, &major, &minor) != 2)
return NULL;
dev = makedev(major, minor);
strncpy(buf, DEVICE_DIR, PATH_MAX);
buf[PATH_MAX] = '\0';
/* First try low level device */
if ((result = __lookup_dev(buf, dev, 0, 0)))
return result;
/* If it is dm, try DM dir */
if (dm_is_dm_major(major)) {
strncpy(buf, dm_dir(), PATH_MAX);
if ((result = __lookup_dev(buf, dev, 0, 0)))
return result;
}
strncpy(buf, DEVICE_DIR, PATH_MAX);
result = __lookup_dev(buf, dev, 0, 4);
/* If not found, return major:minor */
return result ?: strdup(dev_id);
return __lookup_dev(buf, makedev(major, minor));
}
static int _dev_read_ahead(const char *dev, uint32_t *read_ahead)
@@ -241,68 +134,58 @@ static int _dev_read_ahead(const char *dev, uint32_t *read_ahead)
return r;
}
static void hex_key(char *hexkey, size_t key_size, const char *key)
{
int i;
for(i = 0; i < key_size; i++)
sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]);
}
static char *get_params(const char *device, uint64_t skip, uint64_t offset,
const char *cipher, size_t key_size, const char *key)
static char *get_params(struct crypt_options *options, const char *key)
{
char *params;
char *hexkey;
int i;
hexkey = safe_alloc(key_size * 2 + 1);
if (!hexkey)
hexkey = safe_alloc(options->key_size * 2 + 1);
if (!hexkey) {
set_error("Memory allocation problem");
return NULL;
}
hex_key(hexkey, key_size, key);
for(i = 0; i < options->key_size; i++)
sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]);
params = safe_alloc(strlen(hexkey) + strlen(cipher) + strlen(device) + 64);
if (!params)
params = safe_alloc(strlen(hexkey) + strlen(options->cipher) +
strlen(options->device) + 64);
if (!params) {
set_error("Memory allocation problem");
goto out;
}
sprintf(params, "%s %s %" PRIu64 " %s %" PRIu64,
cipher, hexkey, skip, device, offset);
options->cipher, hexkey, options->skip,
options->device, options->offset);
out:
safe_free(hexkey);
return params;
}
/* DM helpers */
static int _dm_simple(int task, const char *name, int udev_wait)
static int _dm_simple(int task, const char *name)
{
int r = 0;
struct dm_task *dmt;
uint32_t cookie = 0;
if (!_dm_use_udev())
udev_wait = 0;
if (!(dmt = dm_task_create(task)))
return 0;
if (name && !dm_task_set_name(dmt, name))
goto out;
if (udev_wait && !dm_task_set_cookie(dmt, &cookie, 0))
if (!dm_task_set_name(dmt, name))
goto out;
r = dm_task_run(dmt);
if (udev_wait)
(void)dm_udev_wait(cookie);
out:
dm_task_destroy(dmt);
return r;
}
static int _error_device(const char *name, size_t size)
static int _error_device(struct crypt_options *options)
{
struct dm_task *dmt;
int r = 0;
@@ -310,10 +193,10 @@ static int _error_device(const char *name, size_t size)
if (!(dmt = dm_task_create(DM_DEVICE_RELOAD)))
return 0;
if (!dm_task_set_name(dmt, name))
if (!dm_task_set_name(dmt, options->name))
goto error;
if (!dm_task_add_target(dmt, UINT64_C(0), size, "error", ""))
if (!dm_task_add_target(dmt, UINT64_C(0), options->size, "error", ""))
goto error;
if (!dm_task_set_ro(dmt))
@@ -325,8 +208,8 @@ static int _error_device(const char *name, size_t size)
if (!dm_task_run(dmt))
goto error;
if (!_dm_simple(DM_DEVICE_RESUME, name, 1)) {
_dm_simple(DM_DEVICE_CLEAR, name, 0);
if (!_dm_simple(DM_DEVICE_RESUME, options->name)) {
_dm_simple(DM_DEVICE_CLEAR, options->name);
goto error;
}
@@ -337,36 +220,28 @@ error:
return r;
}
int dm_remove_device(const char *name, int force, uint64_t size)
static int _dm_remove(struct crypt_options *options, int force)
{
int r = -EINVAL;
int retries = force ? RETRY_COUNT : 1;
int error_target = 0;
if (!name || (force && !size))
return -EINVAL;
/* If force flag is set, replace device with error, read-only target.
* it should stop processes from reading it and also removed underlying
* device from mapping, so it is usable again.
* Force flag should be used only for temporary devices, which are
* intended to work inside cryptsetup only!
* Anyway, if some process try to read temporary cryptsetup device,
* it is bug - no other process should try touch it (e.g. udev).
*/
if (force) {
_error_device(options);
retries = RETRY_COUNT;
}
do {
r = _dm_simple(DM_DEVICE_REMOVE, name, 1) ? 0 : -EINVAL;
if (--retries && r) {
log_dbg("WARNING: other process locked internal device %s, %s.",
name, retries ? "retrying remove" : "giving up");
if (force && (crypt_get_debug_level() == CRYPT_LOG_DEBUG))
debug_processes_using_device(name);
r = _dm_simple(DM_DEVICE_REMOVE, options->name) ? 0 : -EINVAL;
if (--retries)
sleep(1);
if (force && !error_target) {
/* If force flag is set, replace device with error, read-only target.
* it should stop processes from reading it and also removed underlying
* device from mapping, so it is usable again.
* Force flag should be used only for temporary devices, which are
* intended to work inside cryptsetup only!
* Anyway, if some process try to read temporary cryptsetup device,
* it is bug - no other process should try touch it (e.g. udev).
*/
_error_device(name, size);
error_target = 1;
}
}
} while (r == -EINVAL && retries);
dm_task_update_nodes();
@@ -374,134 +249,74 @@ int dm_remove_device(const char *name, int force, uint64_t size)
return r;
}
#define UUID_LEN 37 /* 36 + \0, libuuid ... */
/*
* UUID has format: CRYPT-<devicetype>-[<uuid>-]<device name>
* CRYPT-PLAIN-name
* CRYPT-LUKS1-00000000000000000000000000000000-name
* CRYPT-TEMP-name
*/
static void dm_prepare_uuid(const char *name, const char *type, const char *uuid, char *buf, size_t buflen)
{
char *ptr, uuid2[UUID_LEN] = {0};
uuid_t uu;
int i = 0;
/* Remove '-' chars */
if (uuid && !uuid_parse(uuid, uu)) {
for (ptr = uuid2, i = 0; i < UUID_LEN; i++)
if (uuid[i] != '-') {
*ptr = uuid[i];
ptr++;
}
}
i = snprintf(buf, buflen, DM_UUID_PREFIX "%s%s%s%s%s",
type ?: "", type ? "-" : "",
uuid2[0] ? uuid2 : "", uuid2[0] ? "-" : "",
name);
log_dbg("DM-UUID is %s", buf);
if (i >= buflen)
log_err(NULL, _("DM-UUID for device %s was truncated.\n"), name);
}
int dm_create_device(const char *name,
const char *device,
const char *cipher,
const char *type,
const char *uuid,
uint64_t size,
uint64_t skip,
uint64_t offset,
size_t key_size,
const char *key,
int read_only,
int reload)
static int dm_create_device(int reload, struct crypt_options *options,
const char *key, const char *uuid)
{
struct dm_task *dmt = NULL;
struct dm_task *dmt_query = NULL;
struct dm_info dmi;
char *params = NULL;
char *error = NULL;
char dev_uuid[DM_UUID_LEN] = {0};
char dev_uuid[DM_UUID_PREFIX_LEN + DM_UUID_LEN + 1] = {0};
int r = -EINVAL;
uint32_t read_ahead = 0;
uint32_t cookie = 0;
uint16_t udev_flags = 0;
params = get_params(device, skip, offset, cipher, key_size, key);
params = get_params(options, key);
if (!params)
goto out_no_removal;
if (type && !strncmp(type, "TEMP", 4))
udev_flags = CRYPT_TEMP_UDEV_FLAGS;
/* All devices must have DM_UUID, only resize on old device is exception */
if (reload) {
if (!(dmt = dm_task_create(DM_DEVICE_RELOAD)))
goto out_no_removal;
if (!dm_task_set_name(dmt, name))
goto out_no_removal;
} else {
dm_prepare_uuid(name, type, uuid, dev_uuid, sizeof(dev_uuid));
if (!(dmt = dm_task_create(DM_DEVICE_CREATE)))
goto out_no_removal;
if (!dm_task_set_name(dmt, name))
goto out_no_removal;
if (!dm_task_set_uuid(dmt, dev_uuid))
goto out_no_removal;
if (_dm_use_udev() && !dm_task_set_cookie(dmt, &cookie, udev_flags))
goto out_no_removal;
if (uuid) {
strncpy(dev_uuid, DM_UUID_PREFIX, DM_UUID_PREFIX_LEN);
strncpy(dev_uuid + DM_UUID_PREFIX_LEN, uuid, DM_UUID_LEN);
dev_uuid[DM_UUID_PREFIX_LEN + DM_UUID_LEN] = '\0';
}
if (read_only && !dm_task_set_ro(dmt))
goto out_no_removal;
if (!dm_task_add_target(dmt, 0, size, DM_CRYPT_TARGET, params))
goto out_no_removal;
if (!(dmt = dm_task_create(reload ? DM_DEVICE_RELOAD
: DM_DEVICE_CREATE)))
goto out;
if (!dm_task_set_name(dmt, options->name))
goto out;
if (options->flags & CRYPT_FLAG_READONLY && !dm_task_set_ro(dmt))
goto out;
if (!dm_task_add_target(dmt, 0, options->size, DM_CRYPT_TARGET, params))
goto out;
#ifdef DM_READ_AHEAD_MINIMUM_FLAG
if (_dev_read_ahead(device, &read_ahead) &&
if (_dev_read_ahead(options->device, &read_ahead) &&
!dm_task_set_read_ahead(dmt, read_ahead, DM_READ_AHEAD_MINIMUM_FLAG))
goto out_no_removal;
goto out;
#endif
if (uuid && !dm_task_set_uuid(dmt, dev_uuid))
goto out;
if (!dm_task_run(dmt))
goto out_no_removal;
goto out;
if (reload) {
dm_task_destroy(dmt);
if (!(dmt = dm_task_create(DM_DEVICE_RESUME)))
goto out;
if (!dm_task_set_name(dmt, name))
if (!dm_task_set_name(dmt, options->name))
goto out;
if (uuid && !dm_task_set_uuid(dmt, dev_uuid))
goto out;
if (_dm_use_udev() && !dm_task_set_cookie(dmt, &cookie, udev_flags))
goto out;
if (!dm_task_run(dmt))
goto out;
}
if (!dm_task_get_info(dmt, &dmi))
goto out;
if (dmi.read_only)
options->flags |= CRYPT_FLAG_READONLY;
r = 0;
out:
if (_dm_use_udev()) {
(void)dm_udev_wait(cookie);
cookie = 0;
}
if (r < 0 && !reload) {
if (get_error())
error = strdup(get_error());
dm_remove_device(name, 0, 0);
_dm_remove(options, 0);
if (error) {
set_error(error);
@@ -510,19 +325,18 @@ out:
}
out_no_removal:
if (cookie && _dm_use_udev())
(void)dm_udev_wait(cookie);
if (params)
safe_free(params);
if (dmt)
dm_task_destroy(dmt);
if(dmt_query)
dm_task_destroy(dmt_query);
dm_task_update_nodes();
return r;
}
int dm_status_device(const char *name)
static int dm_query_device(int details, struct crypt_options *options,
char **key)
{
struct dm_task *dmt;
struct dm_info dmi;
@@ -531,65 +345,10 @@ int dm_status_device(const char *name)
void *next = NULL;
int r = -EINVAL;
if (!(dmt = dm_task_create(DM_DEVICE_STATUS)))
return -EINVAL;
if (!dm_task_set_name(dmt, name)) {
r = -EINVAL;
if (!(dmt = dm_task_create(details ? DM_DEVICE_TABLE
: DM_DEVICE_STATUS)))
goto out;
}
if (!dm_task_run(dmt)) {
r = -EINVAL;
goto out;
}
if (!dm_task_get_info(dmt, &dmi)) {
r = -EINVAL;
goto out;
}
if (!dmi.exists) {
r = -ENODEV;
goto out;
}
next = dm_get_next_target(dmt, next, &start, &length,
&target_type, &params);
if (!target_type || strcmp(target_type, DM_CRYPT_TARGET) != 0 ||
start != 0 || next)
r = -EINVAL;
else
r = (dmi.open_count > 0);
out:
if (dmt)
dm_task_destroy(dmt);
return r;
}
int dm_query_device(const char *name,
char **device,
uint64_t *size,
uint64_t *skip,
uint64_t *offset,
char **cipher,
int *key_size,
char **key,
int *read_only,
int *suspended,
char **uuid)
{
struct dm_task *dmt;
struct dm_info dmi;
uint64_t start, length, val64;
char *target_type, *params, *rcipher, *key_, *rdevice, *endp, buffer[3], *tmp_uuid;
void *next = NULL;
int i, r = -EINVAL;
if (!(dmt = dm_task_create(DM_DEVICE_TABLE)))
goto out;
if (!dm_task_set_name(dmt, name))
if (!dm_task_set_name(dmt, options->name))
goto out;
r = -ENODEV;
if (!dm_task_run(dmt))
@@ -610,156 +369,116 @@ int dm_query_device(const char *name,
start != 0 || next)
goto out;
if (size)
*size = length;
options->hash = NULL;
options->cipher = NULL;
options->offset = 0;
options->skip = 0;
options->size = length;
if (details) {
char *cipher, *key_, *device;
uint64_t val64;
rcipher = strsep(&params, " ");
/* cipher */
if (cipher)
*cipher = strdup(rcipher);
set_error("Invalid dm table");
/* skip */
key_ = strsep(&params, " ");
if (!params)
goto out;
val64 = strtoull(params, &params, 10);
if (*params != ' ')
goto out;
params++;
if (skip)
*skip = val64;
/* device */
rdevice = strsep(&params, " ");
if (device)
*device = lookup_dev(rdevice);
/*offset */
if (!params)
goto out;
val64 = strtoull(params, &params, 10);
if (*params)
goto out;
if (offset)
*offset = val64;
/* key_size */
if (key_size)
*key_size = strlen(key_) / 2;
/* key */
if (key_size && key) {
*key = safe_alloc(*key_size);
if (!*key) {
r = -ENOMEM;
cipher = strsep(&params, " ");
key_ = strsep(&params, " ");
if (!params)
goto out;
}
buffer[2] = '\0';
for(i = 0; i < *key_size; i++) {
memcpy(buffer, &key_[i * 2], 2);
(*key)[i] = strtoul(buffer, &endp, 16);
if (endp != &buffer[2]) {
safe_free(key);
*key = NULL;
val64 = strtoull(params, &params, 10);
if (*params != ' ')
goto out;
params++;
options->skip = val64;
device = strsep(&params, " ");
if (!params)
goto out;
val64 = strtoull(params, &params, 10);
if (*params)
goto out;
options->offset = val64;
options->cipher = strdup(cipher);
options->key_size = strlen(key_) / 2;
if (key) {
char buffer[3];
char *endp;
int i;
*key = safe_alloc(options->key_size);
if (!*key) {
set_error("Out of memory");
r = -ENOMEM;
goto out;
}
buffer[2] = '\0';
for(i = 0; i < options->key_size; i++) {
memcpy(buffer, &key_[i * 2], 2);
(*key)[i] = strtoul(buffer, &endp, 16);
if (endp != &buffer[2]) {
safe_free(key);
*key = NULL;
goto out;
}
}
}
memset(key_, 0, strlen(key_));
options->device = lookup_dev(device);
set_error(NULL);
}
memset(key_, 0, strlen(key_));
if (read_only)
*read_only = dmi.read_only;
if (suspended)
*suspended = dmi.suspended;
if (uuid && (tmp_uuid = (char*)dm_task_get_uuid(dmt)) &&
!strncmp(tmp_uuid, DM_UUID_PREFIX, DM_UUID_PREFIX_LEN))
*uuid = strdup(tmp_uuid + DM_UUID_PREFIX_LEN);
r = (dmi.open_count > 0);
out:
if (dmt)
dm_task_destroy(dmt);
return r;
}
static int _dm_message(const char *name, const char *msg)
{
int r = 0;
struct dm_task *dmt;
if (!(dmt = dm_task_create(DM_DEVICE_TARGET_MSG)))
return 0;
if (name && !dm_task_set_name(dmt, name))
goto out;
if (!dm_task_set_sector(dmt, (uint64_t) 0))
goto out;
if (!dm_task_set_message(dmt, msg))
goto out;
r = dm_task_run(dmt);
out:
dm_task_destroy(dmt);
return r;
}
int dm_suspend_and_wipe_key(const char *name)
{
if (!_dm_check_versions())
return -ENOTSUP;
if (!_dm_crypt_wipe_key_supported)
return -ENOTSUP;
if (!_dm_simple(DM_DEVICE_SUSPEND, name, 0))
return -EINVAL;
if (!_dm_message(name, "key wipe")) {
_dm_simple(DM_DEVICE_RESUME, name, 1);
return -EINVAL;
if (r >= 0) {
if (options->device)
options->flags |= CRYPT_FLAG_FREE_DEVICE;
if (options->cipher)
options->flags |= CRYPT_FLAG_FREE_CIPHER;
options->flags &= ~CRYPT_FLAG_READONLY;
if (dmi.read_only)
options->flags |= CRYPT_FLAG_READONLY;
} else {
if (options->device) {
free((char *)options->device);
options->device = NULL;
options->flags &= ~CRYPT_FLAG_FREE_DEVICE;
}
if (options->cipher) {
free((char *)options->cipher);
options->cipher = NULL;
options->flags &= ~CRYPT_FLAG_FREE_CIPHER;
}
}
return 0;
}
int dm_resume_and_reinstate_key(const char *name,
size_t key_size,
const char *key)
{
int msg_size = key_size * 2 + 10; // key set <key>
char *msg;
int r = 0;
if (!_dm_check_versions())
return -ENOTSUP;
if (!_dm_crypt_wipe_key_supported)
return -ENOTSUP;
msg = safe_alloc(msg_size);
if (!msg)
return -ENOMEM;
memset(msg, 0, msg_size);
strcpy(msg, "key set ");
hex_key(&msg[8], key_size, key);
if (!_dm_message(name, msg) ||
!_dm_simple(DM_DEVICE_RESUME, name, 1))
r = -EINVAL;
safe_free(msg);
return r;
}
const char *dm_get_dir(void)
static int dm_remove_device(int force, struct crypt_options *options)
{
if (!options || !options->name)
return -EINVAL;
return _dm_remove(options, force);;
}
static const char *dm_get_dir(void)
{
return dm_dir();
}
struct setup_backend setup_libdevmapper_backend = {
.name = "dm-crypt",
.init = dm_init,
.exit = dm_exit,
.create = dm_create_device,
.status = dm_query_device,
.remove = dm_remove_device,
.dir = dm_get_dir
};

32
lib/nls.h
View File

@@ -1,32 +0,0 @@
#ifndef CRYPTSETUP_NLS_H
#define CRYPTSETUP_NLS_H
#ifndef LOCALEDIR
#define LOCALEDIR "/usr/share/locale"
#endif
#ifdef HAVE_LOCALE_H
# include <locale.h>
#else
# undef setlocale
# define setlocale(Category, Locale) /* empty */
#endif
#ifdef ENABLE_NLS
# include <libintl.h>
# define _(Text) gettext (Text)
# ifdef gettext_noop
# define N_(String) gettext_noop (String)
# else
# define N_(String) (String)
# endif
#else
# undef bindtextdomain
# define bindtextdomain(Domain, Directory) /* empty */
# undef textdomain
# define textdomain(Domain) /* empty */
# define _(Text) (Text)
# define N_(Text) (Text)
#endif
#endif /* CRYPTSETUP_H */

2731
lib/setup.c
View File

File diff suppressed because it is too large Load Diff

452
lib/utils.c
View File

@@ -12,12 +12,11 @@
#include <sys/ioctl.h>
#include <fcntl.h>
#include <termios.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include "libcryptsetup.h"
#include "internal.h"
struct safe_allocation {
size_t size;
char data[1];
@@ -27,24 +26,18 @@ static char *error=NULL;
void set_error_va(const char *fmt, va_list va)
{
int r;
if(error) {
free(error);
error = NULL;
free(error);
error=NULL;
}
if(!fmt) return;
r = vasprintf(&error, fmt, va);
if (r < 0) {
if (vasprintf(&error, fmt, va) < 0) {
free(error);
error = NULL;
return;
}
if (r && error[r - 1] == '\n')
error[r - 1] = '\0';
}
void set_error(const char *fmt, ...)
@@ -123,24 +116,10 @@ char *safe_strdup(const char *s)
return strcpy(s2, s);
}
static int get_alignment(int fd)
{
int alignment = DEFAULT_ALIGNMENT;
#ifdef _PC_REC_XFER_ALIGN
alignment = fpathconf(fd, _PC_REC_XFER_ALIGN);
if (alignment < 0)
alignment = DEFAULT_ALIGNMENT;
#endif
return alignment;
}
static void *aligned_malloc(void **base, int size, int alignment)
{
#ifdef HAVE_POSIX_MEMALIGN
return posix_memalign(base, alignment, size) ? NULL : *base;
#else
/* Credits go to Michal's padlock patches for this alignment code */
static void *aligned_malloc(char **base, int size, int alignment)
{
char *ptr;
ptr = malloc(size + alignment);
@@ -151,8 +130,8 @@ static void *aligned_malloc(void **base, int size, int alignment)
ptr += alignment - ((long)(ptr) & (alignment - 1));
}
return ptr;
#endif
}
static int sector_size(int fd)
{
int bsize;
@@ -173,98 +152,74 @@ int sector_size_for_device(const char *device)
return r;
}
ssize_t write_blockwise(int fd, const void *orig_buf, size_t count)
ssize_t write_blockwise(int fd, const void *orig_buf, size_t count)
{
void *hangover_buf, *hangover_buf_base = NULL;
void *buf, *buf_base = NULL;
int r, hangover, solid, bsize, alignment;
ssize_t ret = -1;
char *padbuf; char *padbuf_base;
char *buf = (char *)orig_buf;
int r = 0;
int hangover; int solid; int bsize;
if ((bsize = sector_size(fd)) < 0)
return bsize;
hangover = count % bsize;
solid = count - hangover;
alignment = get_alignment(fd);
if ((long)orig_buf & (alignment - 1)) {
buf = aligned_malloc(&buf_base, count, alignment);
if (!buf)
goto out;
memcpy(buf, orig_buf, count);
} else
buf = (void *)orig_buf;
padbuf = aligned_malloc(&padbuf_base, bsize, bsize);
if(padbuf == NULL) return -ENOMEM;
r = write(fd, buf, solid);
if (r < 0 || r != solid)
goto out;
if (hangover) {
hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment);
if (!hangover_buf)
goto out;
r = read(fd, hangover_buf, bsize);
while(solid) {
memcpy(padbuf, buf, bsize);
r = write(fd, padbuf, bsize);
if(r < 0 || r != bsize) goto out;
r = lseek(fd, -bsize, SEEK_CUR);
if (r < 0)
goto out;
memcpy(hangover_buf, buf + solid, hangover);
r = write(fd, hangover_buf, bsize);
if(r < 0 || r != bsize) goto out;
free(hangover_buf_base);
solid -= bsize;
buf += bsize;
}
if(hangover) {
r = read(fd,padbuf,bsize);
if(r < 0 || r != bsize) goto out;
lseek(fd,-bsize,SEEK_CUR);
memcpy(padbuf,buf,hangover);
r = write(fd,padbuf, bsize);
if(r < 0 || r != bsize) goto out;
buf += hangover;
}
ret = count;
out:
if (buf != orig_buf)
free(buf_base);
return ret;
free(padbuf_base);
return (buf-(char *)orig_buf)?(buf-(char *)orig_buf):r;
}
ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
void *hangover_buf, *hangover_buf_base;
void *buf, *buf_base = NULL;
int r, hangover, solid, bsize, alignment;
ssize_t ret = -1;
char *padbuf; char *padbuf_base;
char *buf = (char *)orig_buf;
int r = 0;
int step;
int bsize;
if ((bsize = sector_size(fd)) < 0)
return bsize;
hangover = count % bsize;
solid = count - hangover;
alignment = get_alignment(fd);
padbuf = aligned_malloc(&padbuf_base, bsize, bsize);
if(padbuf == NULL) return -ENOMEM;
if ((long)orig_buf & (alignment - 1)) {
buf = aligned_malloc(&buf_base, count, alignment);
if (!buf)
while(count) {
r = read(fd,padbuf,bsize);
if(r < 0 || r != bsize) {
set_error("read failed in read_blockwise.\n");
goto out;
} else
buf = orig_buf;
r = read(fd, buf, solid);
if(r < 0 || r != solid)
goto out;
if (hangover) {
hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment);
if (!hangover_buf)
goto out;
r = read(fd, hangover_buf, bsize);
if (r < 0 || r != bsize)
goto out;
memcpy(buf + solid, hangover_buf, hangover);
free(hangover_buf_base);
}
step = count<bsize?count:bsize;
memcpy(buf,padbuf,step);
buf += step;
count -= step;
}
ret = count;
out:
if (buf != orig_buf) {
memcpy(orig_buf, buf, count);
free(buf_base);
}
return ret;
free(padbuf_base);
return (buf-(char *)orig_buf)?(buf-(char *)orig_buf):r;
}
/*
@@ -334,7 +289,8 @@ static int timed_read(int fd, char *pass, size_t maxlen, long timeout)
if (select(fd+1, &fds, NULL, NULL, &t) > 0)
failed = untimed_read(fd, pass, maxlen);
else
set_error("Operation timed out");
return failed;
}
@@ -354,9 +310,10 @@ static int interactive_pass(const char *prompt, char *pass, size_t maxlen,
outfd = STDERR_FILENO;
}
if (tcgetattr(infd, &orig))
if (tcgetattr(infd, &orig)) {
set_error("Unable to get terminal");
goto out_err;
}
memcpy(&tmp, &orig, sizeof(tmp));
tmp.c_lflag &= ~ECHO;
@@ -371,8 +328,8 @@ static int interactive_pass(const char *prompt, char *pass, size_t maxlen,
tcsetattr(infd, TCSAFLUSH, &orig);
out_err:
if (!failed && write(outfd, "\n", 1));
if (!failed)
(void)write(outfd, "\n", 1);
if (infd != STDIN_FILENO)
close(infd);
return failed;
@@ -390,30 +347,32 @@ out_err:
* Legend: p..prompt, v..can verify, n..newline-stop, h..read horizon
*
* Note: --key-file=- is interpreted as a read from a binary file (stdin)
*
* Returns true when more keys are available (that is when password
* reading can be retried as for interactive terminals).
*/
void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
const char *key_file, int timeout, int how2verify,
struct crypt_device *cd)
int get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
const char *key_file, int passphrase_fd, int timeout, int how2verify)
{
int fd = -1;
int fd;
const int verify = how2verify & CRYPT_FLAG_VERIFY;
const int verify_if_possible = how2verify & CRYPT_FLAG_VERIFY_IF_POSSIBLE;
char *pass = NULL;
int newline_stop;
int read_horizon;
int regular_file = 0;
int r;
if(key_file && !strcmp(key_file, "-")) {
/* Allow binary reading from stdin */
fd = STDIN_FILENO;
fd = passphrase_fd;
newline_stop = 0;
read_horizon = 0;
} else if (key_file) {
fd = open(key_file, O_RDONLY);
if (fd < 0) {
log_err(cd, _("Failed to open key file %s.\n"), key_file);
char buf[128];
set_error("Error opening key file: %s",
strerror_r(errno, buf, 128));
goto out_err;
}
newline_stop = 0;
@@ -422,7 +381,7 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
* of key bytes (default or passed by -s) */
read_horizon = key_size;
} else {
fd = STDIN_FILENO;
fd = passphrase_fd;
newline_stop = 1;
read_horizon = 0; /* Infinite, if read from terminal or fd */
}
@@ -431,16 +390,16 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
if(isatty(fd)) {
int i;
pass = safe_alloc(MAX_TTY_PASSWORD_LEN);
if (!pass || (i = interactive_pass(prompt, pass, MAX_TTY_PASSWORD_LEN, timeout))) {
log_err(cd, _("Error reading passphrase from terminal.\n"));
pass = safe_alloc(512);
if (!pass || (i = interactive_pass(prompt, pass, 512, timeout))) {
set_error("Error reading passphrase");
goto out_err;
}
if (verify || verify_if_possible) {
char pass_verify[MAX_TTY_PASSWORD_LEN];
i = interactive_pass(_("Verify passphrase: "), pass_verify, sizeof(pass_verify), timeout);
char pass_verify[512];
i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), timeout);
if (i || strcmp(pass, pass_verify) != 0) {
log_err(cd, _("Passphrases do not match.\n"));
set_error("Passphrases do not match");
goto out_err;
}
memset(pass_verify, 0, sizeof(pass_verify));
@@ -455,7 +414,7 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
int buflen, i;
if(verify) {
log_err(cd, _("Can't do passphrase verification on non-tty inputs.\n"));
set_error("Can't do passphrase verification on non-tty inputs");
goto out_err;
}
/* The following for control loop does an exhausting
@@ -468,15 +427,14 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
if(key_file && strcmp(key_file, "-") && read_horizon == 0) {
struct stat st;
if(stat(key_file, &st) < 0) {
log_err(cd, _("Failed to stat key file %s.\n"), key_file);
set_error("Can't stat key file");
goto out_err;
}
if(!S_ISREG(st.st_mode))
log_std(cd, _("Warning: exhausting read requested, but key file %s"
" is not a regular file, function might never return.\n"),
key_file);
else
regular_file = 1;
if(!S_ISREG(st.st_mode)) {
// set_error("Can't do exhausting read on non regular files");
// goto out_err;
fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n");
}
}
buflen = 0;
for(i = 0; read_horizon == 0 || i < read_horizon; i++) {
@@ -484,256 +442,28 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
buflen += 128;
pass = safe_realloc(pass, buflen);
if (!pass) {
log_err(cd, _("Out of memory while reading passphrase.\n"));
set_error("Not enough memory while "
"reading passphrase");
goto out_err;
}
}
r = read(fd, pass + i, 1);
if (r < 0) {
log_err(cd, _("Error reading passphrase.\n"));
goto out_err;
}
if(r == 0 || (newline_stop && pass[i] == '\n'))
if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n'))
break;
}
/* Fail if piped input dies reading nothing */
if(!i && !regular_file) {
log_dbg("Error reading passphrase.");
goto out_err;
}
if(key_file)
close(fd);
pass[i] = 0;
*key = pass;
*passLen = i;
}
if(fd != STDIN_FILENO)
close(fd);
return;
return isatty(fd); /* Return true, when password reading can be tried on interactive fds */
out_err:
if(fd >= 0 && fd != STDIN_FILENO)
close(fd);
if(pass)
safe_free(pass);
*key = NULL;
*passLen = 0;
return 0;
}
int device_ready(struct crypt_device *cd, const char *device, int mode)
{
int devfd, r = 1;
ssize_t s;
struct stat st;
char buf[512];
if(stat(device, &st) < 0) {
log_err(cd, _("Device %s doesn't exist or access denied.\n"), device);
return 0;
}
log_dbg("Trying to open and read device %s.", device);
devfd = open(device, mode | O_DIRECT | O_SYNC);
if(devfd < 0) {
log_err(cd, _("Cannot open device %s for %s%s access.\n"), device,
(mode & O_EXCL) ? _("exclusive ") : "",
(mode & O_RDWR) ? _("writable") : _("read-only"));
return 0;
}
/* Try to read first sector */
s = read_blockwise(devfd, buf, sizeof(buf));
if (s < 0 || s != sizeof(buf)) {
log_err(cd, _("Cannot read device %s.\n"), device);
r = 0;
}
memset(buf, 0, sizeof(buf));
close(devfd);
return r;
}
int get_device_infos(const char *device, struct device_infos *infos, struct crypt_device *cd)
{
uint64_t size;
unsigned long size_small;
int readonly = 0;
int ret = -1;
int fd;
/* Try to open read-write to check whether it is a read-only device */
fd = open(device, O_RDWR);
if (fd < 0) {
if (errno == EROFS) {
readonly = 1;
fd = open(device, O_RDONLY);
}
} else {
close(fd);
fd = open(device, O_RDONLY);
}
if (fd < 0) {
log_err(cd, _("Cannot open device: %s\n"), device);
return -1;
}
#ifdef BLKROGET
/* If the device can be opened read-write, i.e. readonly is still 0, then
* check whether BKROGET says that it is read-only. E.g. read-only loop
* devices may be openend read-write but are read-only according to BLKROGET
*/
if (readonly == 0 && ioctl(fd, BLKROGET, &readonly) < 0) {
log_err(cd, _("BLKROGET failed on device %s.\n"), device);
goto out;
}
#else
#error BLKROGET not available
#endif
#ifdef BLKGETSIZE64
if (ioctl(fd, BLKGETSIZE64, &size) >= 0) {
size >>= SECTOR_SHIFT;
ret = 0;
goto out;
}
#endif
#ifdef BLKGETSIZE
if (ioctl(fd, BLKGETSIZE, &size_small) >= 0) {
size = (uint64_t)size_small;
ret = 0;
goto out;
}
#else
# error Need at least the BLKGETSIZE ioctl!
#endif
log_err(cd, _("BLKGETSIZE failed on device %s.\n"), device);
out:
if (ret == 0) {
infos->size = size;
infos->readonly = readonly;
}
close(fd);
return ret;
}
int wipe_device_header(const char *device, int sectors)
{
char *buffer;
int size = sectors * SECTOR_SIZE;
int r = -1;
int devfd;
devfd = open(device, O_RDWR | O_DIRECT | O_SYNC);
if(devfd == -1)
return -EINVAL;
buffer = malloc(size);
if (!buffer) {
close(devfd);
return -ENOMEM;
}
memset(buffer, 0, size);
r = write_blockwise(devfd, buffer, size) < size ? -EIO : 0;
free(buffer);
close(devfd);
return r;
}
/* MEMLOCK */
#define DEFAULT_PROCESS_PRIORITY -18
static int _priority;
static int _memlock_count = 0;
// return 1 if memory is locked
int crypt_memlock_inc(struct crypt_device *ctx)
{
if (!_memlock_count++) {
log_dbg("Locking memory.");
if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
log_err(ctx, _("WARNING!!! Possibly insecure memory. Are you root?\n"));
_memlock_count--;
return 0;
}
errno = 0;
if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno)
log_err(ctx, _("Cannot get process priority.\n"));
else
if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
log_err(ctx, _("setpriority %u failed: %s"),
DEFAULT_PROCESS_PRIORITY, strerror(errno));
}
return _memlock_count ? 1 : 0;
}
int crypt_memlock_dec(struct crypt_device *ctx)
{
if (_memlock_count && (!--_memlock_count)) {
log_dbg("Unlocking memory.");
if (munlockall())
log_err(ctx, _("Cannot unlock memory."));
if (setpriority(PRIO_PROCESS, 0, _priority))
log_err(ctx, _("setpriority %u failed: %s"), _priority, strerror(errno));
}
return _memlock_count ? 1 : 0;
}
/* DEVICE TOPOLOGY */
/* block device topology ioctls, introduced in 2.6.32 */
#ifndef BLKIOMIN
#define BLKIOMIN _IO(0x12,120)
#define BLKIOOPT _IO(0x12,121)
#define BLKALIGNOFF _IO(0x12,122)
#endif
void get_topology_alignment(const char *device,
unsigned long *required_alignment, /* bytes */
unsigned long *alignment_offset, /* bytes */
unsigned long default_alignment)
{
unsigned int dev_alignment_offset = 0;
unsigned long min_io_size = 0, opt_io_size = 0;
int fd;
*required_alignment = default_alignment;
*alignment_offset = 0;
fd = open(device, O_RDONLY);
if (fd == -1)
return;
/* minimum io size */
if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) {
log_dbg("Topology info for %s not supported, using default offset %lu bytes.",
device, default_alignment);
goto out;
}
/* optimal io size */
if (ioctl(fd, BLKIOOPT, &opt_io_size) == -1)
opt_io_size = min_io_size;
/* alignment offset, bogus -1 means misaligned/unknown */
if (ioctl(fd, BLKALIGNOFF, &dev_alignment_offset) == -1 || (int)dev_alignment_offset < 0)
dev_alignment_offset = 0;
if (*required_alignment < min_io_size)
*required_alignment = min_io_size;
if (*required_alignment < opt_io_size)
*required_alignment = opt_io_size;
*alignment_offset = (unsigned long)dev_alignment_offset;
log_dbg("Topology: IO (%lu/%lu), offset = %lu; Required alignment is %lu bytes.",
min_io_size, opt_io_size, *alignment_offset, *required_alignment);
out:
(void)close(fd);
}

130
lib/utils_debug.c
View File

@@ -1,130 +0,0 @@
/*
* Temporary debug code to find processes locking internal cryptsetup devices.
* This code is intended to run only in debug mode.
*
* inspired by psmisc/fuser proc scanning code
*/
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <dirent.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include "libcryptsetup.h"
#include "internal.h"
#define MAX_PATHNAME 1024
#define MAX_SHORTNAME 64
static int numeric_name(const char *name)
{
return (name[0] < '0' || name[0] > '9') ? 0 : 1;
}
static int check_pid(const pid_t pid, const char *dev_name, const char *short_dev_name)
{
char dirpath[MAX_SHORTNAME], fdpath[MAX_SHORTNAME], linkpath[MAX_PATHNAME];
DIR *dirp;
struct dirent *direntry;
size_t len;
int r = 0;
snprintf(dirpath, sizeof(dirpath), "/proc/%d/fd", pid);
if (!(dirp = opendir(dirpath)))
return r;
while ((direntry = readdir(dirp))) {
if (!numeric_name(direntry->d_name))
continue;
snprintf(fdpath, sizeof(fdpath), "/proc/%d/fd/%s", pid, direntry->d_name);
if ((len = readlink(fdpath, linkpath, MAX_PATHNAME-1)) < 0)
break;
linkpath[len] = '\0';
if (!strcmp(dev_name, linkpath)) {
r = 1;
break;
}
if (!strcmp(short_dev_name, linkpath)) {
r = 2;
break;
}
}
closedir(dirp);
return r;
}
static int read_proc_info(const pid_t pid, pid_t *ppid, char *name, int max_size)
{
char path[MAX_SHORTNAME], info[max_size], c;
int fd, xpid, r = 0;
snprintf(path, sizeof(path), "/proc/%u/stat", pid);
if ((fd = open(path, O_RDONLY)) < 0)
return 0;
if (read(fd, info, max_size) > 0 &&
sscanf(info, "%d %s %c %d", &xpid, name, &c, ppid) == 4)
r = 1;
if (!r) {
*ppid = 0;
name[0] = '\0';
}
close(fd);
return r;
}
static void report_proc(const pid_t pid, const char *dev_name)
{
char name[MAX_PATHNAME], name2[MAX_PATHNAME];
pid_t ppid, ppid2;
if (read_proc_info(pid, &ppid, name, MAX_PATHNAME) &&
read_proc_info(ppid, &ppid2, name2, MAX_PATHNAME))
log_dbg("WARNING: Process PID %u %s [PPID %u %s] spying on internal device %s.",
pid, name, ppid, name2, dev_name);
}
void debug_processes_using_device(const char *dm_name)
{
char short_dev_name[MAX_SHORTNAME], dev_name[MAX_PATHNAME];
DIR *proc_dir;
struct dirent *proc_dentry;
struct stat st;
pid_t pid;
if (crypt_get_debug_level() != CRYPT_LOG_DEBUG)
return;
snprintf(dev_name, sizeof(dev_name), "/dev/mapper/%s", dm_name);
if (stat(dev_name, &st) || !S_ISBLK(st.st_mode))
return;
snprintf(short_dev_name, sizeof(short_dev_name), "/dev/dm-%u", minor(st.st_rdev));
if (!(proc_dir = opendir("/proc")))
return;
while ((proc_dentry = readdir(proc_dir))) {
if (!numeric_name(proc_dentry->d_name))
continue;
pid = atoi(proc_dentry->d_name);
switch(check_pid(pid, dev_name, short_dev_name)) {
case 1: report_proc(pid, dev_name);
break;
case 2: report_proc(pid, short_dev_name);
default:
break;
}
}
closedir(proc_dir);
}

157
luks/Makefile.am
View File

@@ -2,7 +2,7 @@ moduledir = $(libdir)/cryptsetup
noinst_LTLIBRARIES = libluks.la
libluks_la_CFLAGS = -Wall @LIBGCRYPT_CFLAGS@
libluks_la_CFLAGS = -I $(top_srcdir)/luks/sha -Wall
libluks_la_SOURCES = \
af.c \
@@ -11,6 +11,12 @@ libluks_la_SOURCES = \
keyencryption.c \
hexprint.c \
random.c \
sha/sha1.c \
sha/hmac_sha1.h \
sha/hmac.h \
sha/hmac_sha1.c \
sha/sha1.h \
XORblock.h \
pbkdf.h \
random.h \
af.h \
@@ -21,3 +27,152 @@ INCLUDES = -D_GNU_SOURCE \
-D_FILE_OFFSET_BITS=64 \
-I$(top_srcdir)/lib
EXTRA_DIST = sha/hmac.c testing/fileDiffer.py testing/compatimage.bz2
ORIG_IMG = /tmp/luks-test-orig
IMG = /tmp/luks-test
IMG1 = /tmp/luks-test1
LUKS_HEADER = S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591
KEY_SLOT0 = S208-211 S212-215 R216-247 S248-251 S251-255
KEY_MATERIAL0 = R4096-68096
KEY_MATERIAL0_EXT = R4096-68096
KEY_SLOT1 = S256-259 S260-263 R264-295 S296-299 S300-303
KEY_MATERIAL1 = R69632-133632
KEY_MATERIAL1_EXT = S69632-133632
LOOPDEV = /dev/loop/5
test:
(cd ..; make clean; make CFLAGS=-Werror)
@if [ `id -u` != 0 ]; then \
echo Not root; \
fi
@if [ ! -e /tmp/key1 ]; then \
dd if=/dev/urandom of=/tmp/key1 count=1 bs=32; \
fi
@bzip2 -cd testing/compatimage.bz2 > $(IMG)
@-/sbin/losetup -d $(LOOPDEV)
@/sbin/losetup $(LOOPDEV) $(IMG)
@echo Case: open - compat image - acceptance check
# Image must not change
@cp $(IMG) $(ORIG_IMG)
echo "compatkey" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG)
@-ls -l /dev/mapper/dummy > /dev/null
@../src/cryptsetup remove dummy
@echo "success"
@echo Case: open - compat image - denial check
# Image must not change
@cp $(IMG) $(ORIG_IMG)
echo "wrongkey" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy || true
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG)
@echo "success"
@echo Case: format
# All headers items and first key material section must change
@cp $(IMG) $(ORIG_IMG)
echo "key0" | ../src/cryptsetup -v -i 1000 -c aes-cbc-essiv:sha256 luksFormat $(LOOPDEV)
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG) $(LUKS_HEADER) $(KEY_SLOT0) $(KEY_MATERIAL0)
@echo Case: open
# Image must not change
@cp $(IMG) $(ORIG_IMG)
echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG)
@-ls -l /dev/mapper/dummy > /dev/null
@../src/cryptsetup remove dummy
@echo "success"
@echo Case: add key
# Key Slot 1 and key material section 1 must change, the rest must not.
@cp $(IMG) $(ORIG_IMG)
echo -e "key0\nkey1" | ../src/cryptsetup -v luksAddKey $(LOOPDEV)
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG) $(KEY_SLOT1) $(KEY_MATERIAL1)
echo "key1" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy
@-ls -l /dev/mapper/dummy > /dev/null
@../src/cryptsetup -v remove dummy
@echo "success"
# Unsuccessful Key Delete - nothing may change
@echo Case: unsuccessful delete
@cp $(IMG) $(ORIG_IMG)
echo "invalid" | ../src/cryptsetup -v luksDelKey $(LOOPDEV) 1 || true
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG)
@echo "success"
# Delete Key Test
# Key Slot 1 and key material section 1 must change, the rest must not
@echo Case: successful delete
@cp $(IMG) $(ORIG_IMG)
../src/cryptsetup -v -q luksDelKey $(LOOPDEV) 1
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG) $(KEY_SLOT1) $(KEY_MATERIAL1_EXT)
echo "key1" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null || true
echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null
@../src/cryptsetup -v remove dummy
@echo "success"
# Non-Exclusive Open test
@echo Case: Non-Exclusive Open
echo "key0" | ../src/cryptsetup -v --readonly luksOpen $(LOOPDEV) dummy1 2>/dev/null
# must fail
echo "key0" | ../src/cryptsetup -v --readonly luksOpen $(LOOPDEV) dummy2 2>/dev/null || true
echo "key0" | ../src/cryptsetup -v --non-exclusive --readonly luksOpen $(LOOPDEV) dummy2 2>/dev/null
@../src/cryptsetup -v remove dummy1
@../src/cryptsetup -v remove dummy2
# Key Slot 1 and key material section 1 must change, the rest must not
@echo Case: add key test for key files
@cp $(IMG) $(ORIG_IMG)
echo "key0" | ../src/cryptsetup -v luksAddKey $(LOOPDEV) /tmp/key1
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG) $(KEY_SLOT1) $(KEY_MATERIAL1)
../src/cryptsetup -d /tmp/key1 -v luksOpen $(LOOPDEV) dummy
@-ls -l /dev/mapper/dummy > /dev/null
@../src/cryptsetup -v remove dummy
@echo "success"
@echo Case: delete key test with /tmp/key1 as remaining key
# Key Slot 1 and key material section 1 must change, the rest must not
@cp $(IMG) $(ORIG_IMG)
../src/cryptsetup -v -d /tmp/key1 luksDelKey $(LOOPDEV) 0
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG) $(KEY_SLOT0) $(KEY_MATERIAL0_EXT)
echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null || true
../src/cryptsetup -v luksOpen -d /tmp/key1 $(LOOPDEV) dummy 2>/dev/null
@../src/cryptsetup -v remove dummy
@echo "success"
# Delete last slot
@echo Case: delete last key
@cp $(IMG) $(ORIG_IMG)
@echo "key0" | ../src/cryptsetup -v luksFormat $(LOOPDEV)
echo "key0" | ../src/cryptsetup -v luksKillSlot $(LOOPDEV) 0
@sync
echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null || true
@echo "success"
# Format test for ESSIV, and some other parameters.
@echo Case: parameter variation test
@dd if=/dev/zero of=$(IMG) count=20000
@cp $(IMG) $(ORIG_IMG)
@../src/cryptsetup -q -v -i 1000 -c aes-cbc-essiv:sha256 luksFormat $(LOOPDEV) /tmp/key1
@sync
testing/fileDiffer.py $(IMG) $(ORIG_IMG) $(LUKS_HEADER) $(KEY_SLOT0) $(KEY_MATERIAL0)
@../src/cryptsetup -d /tmp/key1 -v luksOpen $(LOOPDEV) dummy
@-ls -l /dev/mapper/dummy > /dev/null && echo "success"
@../src/cryptsetup -v remove dummy

13
luks/XORblock.h Normal file
View File

@@ -0,0 +1,13 @@
#ifndef INCLUDED_CRYPTSETUP_LUKS_XORBLOCK_H
#define INCLUDED_CRYPTSETUP_LUKS_XORBLOCK_H
#include <stddef.h>
static void inline XORblock(char const *src1, char const *src2, char *dst, size_t n)
{
size_t j;
for(j = 0; j < n; ++j)
dst[j] = src1[j] ^ src2[j];
}
#endif

104
luks/af.c
View File

@@ -1,7 +1,6 @@
/*
* AFsplitter - Anti forensic information splitter
* Copyright 2004, Clemens Fruhwirth <clemens@endorphin.org>
* Copyright (C) 2009 Red Hat, Inc. All rights reserved.
*
* AFsplitter diffuses information over a large stripe of data,
* therefor supporting secure data destruction.
@@ -20,63 +19,52 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <errno.h>
#include <gcrypt.h>
#include "sha1.h"
#include "XORblock.h"
#include "random.h"
static void XORblock(char const *src1, char const *src2, char *dst, size_t n)
{
size_t j;
for(j = 0; j < n; ++j)
dst[j] = src1[j] ^ src2[j];
}
static int hash_buf(char *src, char *dst, uint32_t iv, int len, int hash_id)
{
gcry_md_hd_t hd;
unsigned char *digest;
iv = htonl(iv);
if (gcry_md_open(&hd, hash_id, 0))
return 1;
gcry_md_write(hd, (unsigned char *)&iv, sizeof(iv));
gcry_md_write(hd, src, len);
digest = gcry_md_read(hd, hash_id);
memcpy(dst, digest, len);
gcry_md_close(hd);
return 0;
}
/* diffuse: Information spreading over the whole dataset with
* the help of hash function.
* the help of sha512.
*/
static int diffuse(char *src, char *dst, size_t size, int hash_id)
static void diffuse(unsigned char *src, unsigned char *dst, size_t size)
{
unsigned int digest_size = gcry_md_get_algo_dlen(hash_id);
unsigned int i, blocks, padding;
sha1_ctx ctx;
uint32_t i;
uint32_t IV; /* host byte order independend hash IV */
unsigned int fullblocks = size / SHA1_DIGEST_SIZE;
unsigned int padding = size % SHA1_DIGEST_SIZE;
unsigned char final[SHA1_DIGEST_SIZE];
blocks = size / digest_size;
padding = size % digest_size;
/* hash block the whole data set with different IVs to produce
* more than just a single data block
*/
for (i=0; i < fullblocks; i++) {
sha1_begin(&ctx);
IV = htonl(i);
sha1_hash((const unsigned char *) &IV, sizeof(IV), &ctx);
sha1_hash(src + SHA1_DIGEST_SIZE * i, SHA1_DIGEST_SIZE, &ctx);
sha1_end(dst + SHA1_DIGEST_SIZE * i, &ctx);
}
for (i = 0; i < blocks; i++)
if(hash_buf(src + digest_size * i,
dst + digest_size * i,
i, digest_size, hash_id))
return 1;
if(padding)
if(hash_buf(src + digest_size * i,
dst + digest_size * i,
i, padding, hash_id))
return 1;
return 0;
if(padding) {
sha1_begin(&ctx);
IV = htonl(i);
sha1_hash((const unsigned char *) &IV, sizeof(IV), &ctx);
sha1_hash(src + SHA1_DIGEST_SIZE * i, padding, &ctx);
sha1_end(final, &ctx);
memcpy(dst + SHA1_DIGEST_SIZE * i, final, padding);
}
}
/*
@@ -85,15 +73,11 @@ static int diffuse(char *src, char *dst, size_t size, int hash_id)
* must be supplied to AF_merge to recover information.
*/
int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash)
int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers)
{
unsigned int i;
char *bufblock;
int r = -EINVAL;
int hash_id;
if (!(hash_id = gcry_md_map_name(hash)))
return -EINVAL;
if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM;
@@ -103,8 +87,7 @@ int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers,
if(r < 0) goto out;
XORblock(dst+(blocksize*i),bufblock,bufblock,blocksize);
if(diffuse(bufblock, bufblock, blocksize, hash_id))
goto out;
diffuse((unsigned char *) bufblock, (unsigned char *) bufblock, blocksize);
}
/* the last block is computed */
XORblock(src,bufblock,dst+(i*blocksize),blocksize);
@@ -114,27 +97,20 @@ out:
return r;
}
int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash)
int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers)
{
unsigned int i;
char *bufblock;
int r = -EINVAL;
int hash_id;
if (!(hash_id = gcry_md_map_name(hash)))
return -EINVAL;
if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM;
memset(bufblock,0,blocksize);
for(i=0; i<blocknumbers-1; i++) {
XORblock(src+(blocksize*i),bufblock,bufblock,blocksize);
if(diffuse(bufblock, bufblock, blocksize, hash_id))
goto out;
diffuse((unsigned char *) bufblock, (unsigned char *) bufblock, blocksize);
}
XORblock(src + blocksize * i, bufblock, dst, blocksize);
r = 0;
out:
free(bufblock);
free(bufblock);
return 0;
}

14
luks/af.h
View File

@@ -7,19 +7,19 @@
*/
/*
* AF_split operates on src and produces information splitted data in
* AF_split operates on src and produces information splitted data in
* dst. src is assumed to be of the length blocksize. The data stripe
* dst points to must be captable of storing blocksize*blocknumbers.
* dst points to must be captable of storing blocksize*blocknumbers.
* blocknumbers is the data multiplication factor.
*
* AF_merge does just the opposite: reproduces the information stored in
* src of the length blocksize*blocknumbers into dst of the length
* AF_merge does just the opposite: reproduces the information stored in
* src of the length blocksize*blocknumbers into dst of the length
* blocksize.
*
* On error, both functions return -1, 0 otherwise.
*/
*/
int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers);
int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers);
#endif

156
luks/keyencryption.c
View File

@@ -33,9 +33,9 @@
#include <signal.h>
#include "luks.h"
//#include "../lib/libcryptsetup.h"
#include "../lib/libcryptsetup.h"
#include "../lib/internal.h"
//#include "../lib/blockdev.h"
#include "../lib/blockdev.h"
#define div_round_up(a,b) ({ \
typeof(a) __a = (a); \
@@ -47,44 +47,70 @@ static inline int round_up_modulo(int x, int m) {
return div_round_up(x, m) * m;
}
static struct setup_backend *cleaner_backend=NULL;
static const char *cleaner_name=NULL;
static uint64_t cleaner_size = 0;
static int devfd=-1;
static int setup_mapping(const char *cipher, const char *name,
static int setup_mapping(const char *cipher, const char *name,
const char *device, unsigned int payloadOffset,
const char *key, size_t keyLength,
unsigned int sector, size_t srcLength,
int mode, struct crypt_device *ctx)
const char *key, size_t keyLength,
unsigned int sector, size_t srcLength,
struct setup_backend *backend,
int mode)
{
struct crypt_options k = {0};
struct crypt_options *options = &k;
int device_sector_size = sector_size_for_device(device);
uint64_t size;
int r;
/*
* we need to round this to nearest multiple of the underlying
* device's sector size, otherwise the mapping will be refused.
*/
if(device_sector_size < 0) {
log_err(ctx, _("Unable to obtain sector size for %s"), device);
set_error(_("Unable to obtain sector size for %s"),device);
return -EINVAL;
}
size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
cleaner_size = size;
options->size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
cleaner_size = options->size;
return dm_create_device(name, device, cipher, "TEMP", NULL, size, 0, sector,
keyLength, key, (mode == O_RDONLY), 0);
options->offset = sector;
options->cipher = cipher;
options->key_size = keyLength;
options->skip = 0;
options->flags = 0;
options->name = name;
options->device = device;
if (mode == O_RDONLY) {
options->flags |= CRYPT_FLAG_READONLY;
}
set_error(NULL);
r = backend->create(0, options, key, NULL);
return r;
}
static int clear_mapping(const char *name, uint64_t size, struct setup_backend *backend)
{
struct crypt_options options = {0};
options.name=name;
options.size = size;
return backend->remove(1, &options);
}
static void sigint_handler(int sig)
{
if(devfd >= 0)
close(devfd);
devfd = -1;
if(cleaner_name)
dm_remove_device(cleaner_name, 1, cleaner_size);
signal(SIGINT, SIG_DFL);
kill(getpid(), SIGINT);
if(devfd >= 0)
close(devfd);
devfd = -1;
if(cleaner_backend && cleaner_name)
clear_mapping(cleaner_name, cleaner_size, cleaner_backend);
signal(SIGINT, SIG_DFL);
kill(getpid(), SIGINT);
}
static char *_error_hint(char *cipherName, char *cipherMode, size_t keyLength)
@@ -105,13 +131,13 @@ static char *_error_hint(char *cipherName, char *cipherMode, size_t keyLength)
kernel_minor = atoi(tmp);
if (!strncmp(cipherMode, "xts", 3) && (keyLength != 256 && keyLength != 512))
hint = _("Key size in XTS mode must be 256 or 512 bits.\n");
hint = "Key size in XTS mode must be 256 or 512 bits.";
else if (!strncmp(cipherMode, "xts", 3) && kernel_minor < 24)
hint = _("Block mode XTS is available since kernel 2.6.24.\n");
hint = "Block mode XTS is available since kernel 2.6.24.";
if (!strncmp(cipherMode, "lrw", 3) && (keyLength != 256 && keyLength != 512))
hint = _("Key size in LRW mode must be 256 or 512 bits.\n");
hint = "Key size in LRW mode must be 256 or 512 bits.";
else if (!strncmp(cipherMode, "lrw", 3) && kernel_minor < 20)
hint = _("Block mode LRW is available since kernel 2.6.20.\n");
hint = "Block mode LRW is available since kernel 2.6.20.";
#endif
return hint;
}
@@ -122,19 +148,18 @@ static int LUKS_endec_template(char *src, size_t srcLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector,
unsigned int sector, struct setup_backend *backend,
ssize_t (*func)(int, void *, size_t),
int mode,
struct crypt_device *ctx)
int mode)
{
char *name = NULL;
char *fullpath = NULL;
char *dmCipherSpec = NULL;
const char *dmDir = dm_get_dir();
const char *dmDir = backend->dir();
int r = -1;
if(dmDir == NULL) {
log_err(ctx, _("Failed to obtain device mapper directory."));
fputs(_("Failed to obtain device mapper directory."), stderr);
return -1;
}
if(asprintf(&name,"temporary-cryptsetup-%d",getpid()) == -1 ||
@@ -143,70 +168,65 @@ static int LUKS_endec_template(char *src, size_t srcLength,
r = -ENOMEM;
goto out1;
}
signal(SIGINT, sigint_handler);
cleaner_name = name;
cleaner_backend = backend;
r = setup_mapping(dmCipherSpec, name, device, hdr->payloadOffset,
key, keyLength, sector, srcLength, mode, ctx);
r = setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLength,sector,srcLength,backend,mode);
if(r < 0) {
log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n%s"),
device, dmCipherSpec,
_error_hint(hdr->cipherName, hdr->cipherMode, keyLength * 8));
set_error("Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n%s",
device, dmCipherSpec,
_error_hint(hdr->cipherName, hdr->cipherMode, keyLength * 8));
r = -EIO;
goto out1;
}
devfd = open(fullpath, mode | O_DIRECT | O_SYNC); /* devfd is a global var */
if(devfd == -1) {
log_err(ctx, _("Failed to open temporary keystore device.\n"));
r = -EIO;
goto out2;
}
if(devfd == -1) { r = -EIO; goto out2; }
r = func(devfd,src,srcLength);
if(r < 0) {
log_err(ctx, _("Failed to access temporary keystore device.\n"));
r = -EIO;
goto out3;
}
if(r < 0) { r = -EIO; goto out3; }
r = 0;
out3:
close(devfd);
devfd = -1;
out2:
dm_remove_device(cleaner_name, 1, cleaner_size);
clear_mapping(cleaner_name, cleaner_size, cleaner_backend);
out1:
signal(SIGINT, SIG_DFL);
cleaner_name = NULL;
cleaner_backend = NULL;
cleaner_size = 0;
free(dmCipherSpec);
free(fullpath);
free(name);
free(fullpath);
free(name);
return r;
}
int LUKS_encrypt_to_storage(char *src, size_t srcLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector,
struct crypt_device *ctx)
int LUKS_encrypt_to_storage(char *src, size_t srcLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector, struct setup_backend *backend)
{
return LUKS_endec_template(src,srcLength,hdr,key,keyLength, device, sector,
(ssize_t (*)(int, void *, size_t)) write_blockwise,
O_RDWR, ctx);
return LUKS_endec_template(src,srcLength,hdr,key,keyLength, device, sector, backend,
(ssize_t (*)(int, void *, size_t)) write_blockwise, O_RDWR);
}
int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector, struct setup_backend *backend)
{
return LUKS_endec_template(dst,dstLength,hdr,key,keyLength, device, sector, backend, read_blockwise, O_RDONLY);
}
int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector,
struct crypt_device *ctx)
{
return LUKS_endec_template(dst,dstLength,hdr,key,keyLength, device,
sector, read_blockwise, O_RDONLY, ctx);
}
// Local Variables:
// c-basic-offset: 8
// indent-tabs-mode: nil
// End:

718
luks/keymanage.c
View File

@@ -2,7 +2,7 @@
* LUKS - Linux Unified Key Setup
*
* Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation.
@@ -16,24 +16,26 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <linux/fs.h>
#include <netinet/in.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "luks.h"
#include "af.h"
#include "pbkdf.h"
#include "sha1.h"
#include "random.h"
#include "XORblock.h"
#include <uuid/uuid.h>
#include <../lib/internal.h>
@@ -47,13 +49,11 @@ static inline int round_up_modulo(int x, int m) {
return div_round_up(x, m) * m;
}
struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key)
struct luks_masterkey *LUKS_alloc_masterkey(int keylength)
{
struct luks_masterkey *mk=malloc(sizeof(*mk) + keylength);
if(NULL == mk) return NULL;
mk->keyLength=keylength;
if (key)
memcpy(&mk->key, key, keylength);
return mk;
}
@@ -68,7 +68,7 @@ void LUKS_dealloc_masterkey(struct luks_masterkey *mk)
struct luks_masterkey *LUKS_generate_masterkey(int keylength)
{
struct luks_masterkey *mk=LUKS_alloc_masterkey(keylength, NULL);
struct luks_masterkey *mk=LUKS_alloc_masterkey(keylength);
if(NULL == mk) return NULL;
int r = getRandom(mk->key,keylength);
@@ -79,190 +79,29 @@ struct luks_masterkey *LUKS_generate_masterkey(int keylength)
return mk;
}
int LUKS_hdr_backup(
const char *backup_file,
const char *device,
struct luks_phdr *hdr,
struct crypt_device *ctx)
int LUKS_read_phdr(const char *device, struct luks_phdr *hdr)
{
int r = 0, devfd = -1;
size_t buffer_size;
char *buffer = NULL;
struct stat st;
if(stat(backup_file, &st) == 0) {
log_err(ctx, _("Requested file %s already exist.\n"), backup_file);
return -EINVAL;
}
r = LUKS_read_phdr(device, hdr, 0, ctx);
if (r)
return r;
buffer_size = hdr->payloadOffset << SECTOR_SHIFT;
buffer = safe_alloc(buffer_size);
if (!buffer || buffer_size < LUKS_ALIGN_KEYSLOTS) {
r = -ENOMEM;
goto out;
}
log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes).",
sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS);
devfd = open(device, O_RDONLY | O_DIRECT | O_SYNC);
if(devfd == -1) {
log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device);
r = -EINVAL;
goto out;
}
if(read_blockwise(devfd, buffer, buffer_size) < buffer_size) {
r = -EIO;
goto out;
}
close(devfd);
/* Wipe unused area, so backup cannot contain old signatures */
memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr));
devfd = creat(backup_file, S_IRUSR);
if(devfd == -1) {
r = -EINVAL;
goto out;
}
if(write(devfd, buffer, buffer_size) < buffer_size) {
log_err(ctx, _("Cannot write header backup file %s.\n"), backup_file);
r = -EIO;
goto out;
}
close(devfd);
r = 0;
out:
if (devfd != -1)
close(devfd);
safe_free(buffer);
return r;
}
int LUKS_hdr_restore(
const char *backup_file,
const char *device,
struct luks_phdr *hdr,
struct crypt_device *ctx)
{
int r = 0, devfd = -1, diff_uuid = 0;
size_t buffer_size;
char *buffer = NULL, msg[200];
struct stat st;
struct luks_phdr hdr_file;
if(stat(backup_file, &st) < 0) {
log_err(ctx, _("Backup file %s doesn't exist.\n"), backup_file);
return -EINVAL;
}
r = LUKS_read_phdr_backup(backup_file, device, &hdr_file, 0, ctx);
buffer_size = hdr_file.payloadOffset << SECTOR_SHIFT;
if (r || buffer_size < LUKS_ALIGN_KEYSLOTS) {
log_err(ctx, _("Backup file do not contain valid LUKS header.\n"));
r = -EINVAL;
goto out;
}
buffer = safe_alloc(buffer_size);
if (!buffer) {
r = -ENOMEM;
goto out;
}
devfd = open(backup_file, O_RDONLY);
if(devfd == -1) {
log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
r = -EINVAL;
goto out;
}
if(read(devfd, buffer, buffer_size) < buffer_size) {
log_err(ctx, _("Cannot read header backup file %s.\n"), backup_file);
r = -EIO;
goto out;
}
close(devfd);
r = LUKS_read_phdr(device, hdr, 0, ctx);
if (r == 0) {
log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device);
if(hdr->payloadOffset != hdr_file.payloadOffset ||
hdr->keyBytes != hdr_file.keyBytes) {
log_err(ctx, _("Data offset or key size differs on device and backup, restore failed.\n"));
r = -EINVAL;
goto out;
}
if (memcmp(hdr->uuid, hdr_file.uuid, UUID_STRING_L))
diff_uuid = 1;
}
if (snprintf(msg, sizeof(msg), _("Device %s %s%s"), device,
r ? _("does not contain LUKS header. Replacing header can destroy data on that device.") :
_("already contains LUKS header. Replacing header will destroy existing keyslots."),
diff_uuid ? _("\nWARNING: real device header has different UUID than backup!") : "") < 0) {
r = -ENOMEM;
goto out;
}
if (!crypt_confirm(ctx, msg)) {
r = -EINVAL;
goto out;
}
log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes) to device %s.",
sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device);
devfd = open(device, O_WRONLY | O_DIRECT | O_SYNC);
if(devfd == -1) {
log_err(ctx, _("Cannot open device %s.\n"), device);
r = -EINVAL;
goto out;
}
if(write_blockwise(devfd, buffer, buffer_size) < buffer_size) {
r = -EIO;
goto out;
}
close(devfd);
/* Be sure to reload new data */
r = LUKS_read_phdr(device, hdr, 0, ctx);
out:
if (devfd != -1)
close(devfd);
safe_free(buffer);
return r;
}
static int _check_and_convert_hdr(const char *device,
struct luks_phdr *hdr,
int require_luks_device,
struct crypt_device *ctx)
{
int r = 0;
unsigned int i;
int devfd = 0, r = 0;
unsigned int i;
uint64_t size;
char luksMagic[] = LUKS_MAGIC;
if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
log_dbg("LUKS header not detected.");
if (require_luks_device)
log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device);
else
set_error(_("Device %s is not a valid LUKS device."), device);
devfd = open(device,O_RDONLY | O_DIRECT | O_SYNC);
if(-1 == devfd) {
set_error(_("Can't open device: %s\n"), device);
return -EINVAL;
}
if(read_blockwise(devfd, hdr, sizeof(struct luks_phdr)) < sizeof(struct luks_phdr)) {
r = -EIO;
} else if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
set_error(_("%s is not a LUKS partition\n"), device);
r = -EINVAL;
} else if(memcmp(hdr->hashSpec, "sha1", 4)) { /* Check for SHA1 - other hashspecs are not implemented ATM */
set_error(_("unknown hash spec in phdr\n"), stderr);
r = -EINVAL;
} else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */
log_err(ctx, _("Unsupported LUKS version %d.\n"), hdr->version);
r = -EINVAL;
} else if (PBKDF2_HMAC_ready(hdr->hashSpec) < 0) {
log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hdr->hashSpec);
set_error(_("unknown LUKS version %d\n"), hdr->version);
r = -EINVAL;
} else {
hdr->payloadOffset = ntohl(hdr->payloadOffset);
@@ -277,77 +116,10 @@ static int _check_and_convert_hdr(const char *device,
}
}
return r;
}
static void _to_lower(char *str, unsigned max_len)
{
for(; *str && max_len; str++, max_len--)
if (isupper(*str))
*str = tolower(*str);
}
static void LUKS_fix_header_compatible(struct luks_phdr *header)
{
/* Old cryptsetup expects "sha1", gcrypt allows case insensistive names,
* so always convert hash to lower case in header */
_to_lower(header->hashSpec, LUKS_HASHSPEC_L);
}
int LUKS_read_phdr_backup(const char *backup_file,
const char *device,
struct luks_phdr *hdr,
int require_luks_device,
struct crypt_device *ctx)
{
int devfd = 0, r = 0;
log_dbg("Reading LUKS header of size %d from backup file %s",
sizeof(struct luks_phdr), backup_file);
devfd = open(backup_file, O_RDONLY);
if(-1 == devfd) {
log_err(ctx, _("Cannot open file %s.\n"), device);
return -EINVAL;
}
if(read(devfd, hdr, sizeof(struct luks_phdr)) < sizeof(struct luks_phdr))
r = -EIO;
else {
LUKS_fix_header_compatible(hdr);
r = _check_and_convert_hdr(backup_file, hdr, require_luks_device, ctx);
}
close(devfd);
return r;
}
int LUKS_read_phdr(const char *device,
struct luks_phdr *hdr,
int require_luks_device,
struct crypt_device *ctx)
{
int devfd = 0, r = 0;
uint64_t size;
log_dbg("Reading LUKS header of size %d from device %s",
sizeof(struct luks_phdr), device);
devfd = open(device,O_RDONLY | O_DIRECT | O_SYNC);
if(-1 == devfd) {
log_err(ctx, _("Cannot open device %s.\n"), device);
return -EINVAL;
}
if(read_blockwise(devfd, hdr, sizeof(struct luks_phdr)) < sizeof(struct luks_phdr))
r = -EIO;
else
r = _check_and_convert_hdr(device, hdr, require_luks_device, ctx);
#ifdef BLKGETSIZE64
if (r == 0 && (ioctl(devfd, BLKGETSIZE64, &size) < 0 ||
size < (uint64_t)hdr->payloadOffset)) {
log_err(ctx, _("LUKS header detected but device %s is too small.\n"), device);
if (ioctl(devfd, BLKGETSIZE64, &size) < 0 ||
size < (uint64_t)hdr->payloadOffset) {
set_error(_("LUKS header detected but device %s is too small.\n"), device);
r = -EINVAL;
}
#endif
@@ -356,26 +128,20 @@ int LUKS_read_phdr(const char *device,
return r;
}
int LUKS_write_phdr(const char *device,
struct luks_phdr *hdr,
struct crypt_device *ctx)
int LUKS_write_phdr(const char *device, struct luks_phdr *hdr)
{
int devfd = 0;
unsigned int i;
struct luks_phdr convHdr;
int r;
log_dbg("Updating LUKS header of size %d on device %s",
sizeof(struct luks_phdr), device);
devfd = open(device,O_RDWR | O_DIRECT | O_SYNC);
if(-1 == devfd) {
log_err(ctx, _("Cannot open device %s.\n"), device);
set_error(_("Can't open device %s"), device);
return -EINVAL;
}
memcpy(&convHdr, hdr, sizeof(struct luks_phdr));
memset(&convHdr._padding, 0, sizeof(convHdr._padding));
/* Convert every uint16/32_t item to network byte order */
convHdr.version = htons(hdr->version);
@@ -390,44 +156,15 @@ int LUKS_write_phdr(const char *device,
}
r = write_blockwise(devfd, &convHdr, sizeof(struct luks_phdr)) < sizeof(struct luks_phdr) ? -EIO : 0;
if (r)
log_err(ctx, _("Error during update of LUKS header on device %s.\n"), device);
close(devfd);
/* Re-read header from disk to be sure that in-memory and on-disk data are the same. */
if (!r) {
r = LUKS_read_phdr(device, hdr, 1, ctx);
if (r)
log_err(ctx, _("Error re-reading LUKS header after update on device %s.\n"), device);
}
return r;
}
}
static int LUKS_PBKDF2_performance_check(const char *hashSpec,
uint64_t *PBKDF2_per_sec,
struct crypt_device *ctx)
{
if (!*PBKDF2_per_sec) {
if (PBKDF2_performance_check(hashSpec, PBKDF2_per_sec) < 0) {
log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"), hashSpec);
return -EINVAL;
}
log_dbg("PBKDF2: %" PRIu64 " iterations per second using hash %s.", *PBKDF2_per_sec, hashSpec);
}
return 0;
}
int LUKS_generate_phdr(struct luks_phdr *header,
const struct luks_masterkey *mk,
const char *cipherName, const char *cipherMode, const char *hashSpec,
const char *uuid, unsigned int stripes,
unsigned int alignPayload,
unsigned int alignOffset,
uint32_t iteration_time_ms,
uint64_t *PBKDF2_per_sec,
struct crypt_device *ctx)
int LUKS_generate_phdr(struct luks_phdr *header,
const struct luks_masterkey *mk, const char *cipherName,
const char *cipherMode, unsigned int stripes,
unsigned int alignPayload)
{
unsigned int i=0;
unsigned int blocksPerStripeSet = div_round_up(mk->keyLength*stripes,SECTOR_SIZE);
@@ -435,7 +172,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
char luksMagic[] = LUKS_MAGIC;
uuid_t partitionUuid;
int currentSector;
int alignSectors = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
int alignSectors = 4096/SECTOR_SIZE;
if (alignPayload == 0)
alignPayload = alignSectors;
@@ -446,39 +183,21 @@ int LUKS_generate_phdr(struct luks_phdr *header,
header->version=1;
strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L);
strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L);
strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L);
/* This is hard coded ATM */
strncpy(header->hashSpec,"sha1",LUKS_HASHSPEC_L);
header->keyBytes=mk->keyLength;
LUKS_fix_header_compatible(header);
log_dbg("Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
header->version, header->hashSpec ,header->cipherName, header->cipherMode,
header->keyBytes);
r = getRandom(header->mkDigestSalt,LUKS_SALTSIZE);
if(r < 0) {
log_err(ctx, _("Cannot create LUKS header: reading random salt failed.\n"));
return r;
}
if ((r = LUKS_PBKDF2_performance_check(header->hashSpec, PBKDF2_per_sec, ctx)))
return r;
if(r < 0) return r;
/* Compute master key digest */
iteration_time_ms /= 8;
header->mkDigestIterations = at_least((uint32_t)(*PBKDF2_per_sec/1024) * iteration_time_ms,
LUKS_MKD_ITERATIONS_MIN);
r = PBKDF2_HMAC(header->hashSpec,mk->key,mk->keyLength,
header->mkDigestSalt,LUKS_SALTSIZE,
header->mkDigestIterations,
header->mkDigest,LUKS_DIGESTSIZE);
if(r < 0) {
log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s).\n"),
header->hashSpec);
return r;
}
header->mkDigestIterations = LUKS_MKD_ITER;
PBKDF2_HMAC_SHA1(mk->key,mk->keyLength,
header->mkDigestSalt,LUKS_SALTSIZE,
header->mkDigestIterations,
header->mkDigest,LUKS_DIGESTSIZE);
currentSector = round_up_modulo(LUKS_PHDR_SIZE, alignSectors);
for(i = 0; i < LUKS_NUMKEYS; ++i) {
@@ -489,90 +208,52 @@ int LUKS_generate_phdr(struct luks_phdr *header,
}
currentSector = round_up_modulo(currentSector, alignPayload);
/* alignOffset - offset from natural device alignment provided by topology info */
header->payloadOffset = currentSector + alignOffset;
header->payloadOffset=currentSector;
if (uuid && !uuid_parse(uuid, partitionUuid)) {
log_err(ctx, _("Wrong UUID format provided, generating new one.\n"));
uuid = NULL;
}
if (!uuid)
uuid_generate(partitionUuid);
uuid_generate(partitionUuid);
uuid_unparse(partitionUuid, header->uuid);
log_dbg("Data offset %d, UUID %s, digest iterations %" PRIu32,
header->payloadOffset, header->uuid, header->mkDigestIterations);
return 0;
}
int LUKS_set_key(const char *device, unsigned int keyIndex,
const char *password, size_t passwordLen,
int LUKS_set_key(const char *device, unsigned int keyIndex,
const char *password, size_t passwordLen,
struct luks_phdr *hdr, struct luks_masterkey *mk,
uint32_t iteration_time_ms,
uint64_t *PBKDF2_per_sec,
struct crypt_device *ctx)
struct setup_backend *backend)
{
char derivedKey[hdr->keyBytes];
char *AfKey;
unsigned int AFEKSize;
uint64_t PBKDF2_temp;
int r;
if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
log_err(ctx, _("Key slot %d active, purge first.\n"), keyIndex);
set_error( _("key %d active, purge first"), keyIndex);
return -EINVAL;
}
if(hdr->keyblock[keyIndex].stripes < LUKS_STRIPES) {
log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?\n"),
keyIndex);
set_error(_("key material section %d includes too few stripes. Header manipulation?"),keyIndex);
return -EINVAL;
}
log_dbg("Calculating data for key slot %d", keyIndex);
if ((r = LUKS_PBKDF2_performance_check(hdr->hashSpec, PBKDF2_per_sec, ctx)))
return r;
/*
* Avoid floating point operation
* Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN
*/
PBKDF2_temp = (*PBKDF2_per_sec / 2) * (uint64_t)iteration_time_ms;
PBKDF2_temp /= 1024;
if (PBKDF2_temp > UINT32_MAX)
PBKDF2_temp = UINT32_MAX;
hdr->keyblock[keyIndex].passwordIterations = at_least((uint32_t)PBKDF2_temp,
LUKS_SLOT_ITERATIONS_MIN);
log_dbg("Key slot %d use %d password iterations.", keyIndex, hdr->keyblock[keyIndex].passwordIterations);
r = getRandom(hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE);
if(r < 0) return r;
// assert((mk->keyLength % TWOFISH_BLOCKSIZE) == 0); FIXME
r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
hdr->keyblock[keyIndex].passwordIterations,
derivedKey, hdr->keyBytes);
if(r < 0) return r;
PBKDF2_HMAC_SHA1(password,passwordLen,
hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
hdr->keyblock[keyIndex].passwordIterations,
derivedKey, hdr->keyBytes);
/*
* AF splitting, the masterkey stored in mk->key is splitted to AfMK
*/
AFEKSize = hdr->keyblock[keyIndex].stripes*mk->keyLength;
AfKey = (char *)malloc(AFEKSize);
if(AfKey == NULL) return -ENOMEM;
log_dbg("Using hash %s for AF in key slot %d, %d stripes",
hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes);
r = AF_split(mk->key,AfKey,mk->keyLength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
r = AF_split(mk->key,AfKey,mk->keyLength,hdr->keyblock[keyIndex].stripes);
if(r < 0) goto out;
log_dbg("Updating key slot %d [0x%04x] area on device %s.", keyIndex,
hdr->keyblock[keyIndex].keyMaterialOffset << 9, device);
/* Encryption via dm */
r = LUKS_encrypt_to_storage(AfKey,
AFEKSize,
@@ -581,18 +262,16 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
hdr->keyBytes,
device,
hdr->keyblock[keyIndex].keyMaterialOffset,
ctx);
backend);
if(r < 0) {
if(!get_error())
log_err(ctx, _("Failed to write to key storage.\n"));
set_error("Failed to write to key storage");
goto out;
}
/* Mark the key as active in phdr */
r = LUKS_keyslot_set(hdr, (int)keyIndex, 1);
if(r < 0) goto out;
r = LUKS_write_phdr(device, hdr, ctx);
hdr->keyblock[keyIndex].active = LUKS_KEY_ENABLED;
r = LUKS_write_phdr(device,hdr);
if(r < 0) goto out;
r = 0;
@@ -601,57 +280,39 @@ out:
return r;
}
/* Check whether a master key is invalid. */
int LUKS_verify_master_key(const struct luks_phdr *hdr,
const struct luks_masterkey *mk)
{
char checkHashBuf[LUKS_DIGESTSIZE];
/* Try to open a particular key slot,
if (PBKDF2_HMAC(hdr->hashSpec, mk->key, mk->keyLength,
hdr->mkDigestSalt, LUKS_SALTSIZE,
hdr->mkDigestIterations, checkHashBuf,
LUKS_DIGESTSIZE) < 0)
return -EINVAL;
*/
if (memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE))
return -EPERM;
return 0;
}
/* Try to open a particular key slot */
int LUKS_open_key(const char *device,
unsigned int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
int LUKS_open_key(const char *device,
unsigned int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey *mk,
struct crypt_device *ctx)
struct setup_backend *backend)
{
crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyIndex);
char derivedKey[hdr->keyBytes];
char *AfKey;
size_t AFEKSize;
char checkHashBuf[LUKS_DIGESTSIZE];
int r;
log_dbg("Trying to open key slot %d [%d].", keyIndex, (int)ki);
if (ki < CRYPT_SLOT_ACTIVE)
return -ENOENT;
if(hdr->keyblock[keyIndex].active != LUKS_KEY_ENABLED) {
return -EINVAL;
}
// assert((mk->keyLength % TWOFISH_BLOCKSIZE) == 0); FIXME
AFEKSize = hdr->keyblock[keyIndex].stripes*mk->keyLength;
AfKey = (char *)malloc(AFEKSize);
if(AfKey == NULL) return -ENOMEM;
PBKDF2_HMAC_SHA1(password,passwordLen,
hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
hdr->keyblock[keyIndex].passwordIterations,
derivedKey, hdr->keyBytes);
r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
hdr->keyblock[keyIndex].passwordIterations,
derivedKey, hdr->keyBytes);
if(r < 0) goto out;
log_dbg("Reading key slot %d area.", keyIndex);
r = LUKS_decrypt_from_storage(AfKey,
AFEKSize,
hdr,
@@ -659,51 +320,66 @@ int LUKS_open_key(const char *device,
hdr->keyBytes,
device,
hdr->keyblock[keyIndex].keyMaterialOffset,
ctx);
backend);
if(r < 0) {
log_err(ctx, _("Failed to read from key storage.\n"));
if(!get_error())
set_error("Failed to read from key storage");
goto out;
}
r = AF_merge(AfKey,mk->key,mk->keyLength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
r = AF_merge(AfKey,mk->key,mk->keyLength,hdr->keyblock[keyIndex].stripes);
if(r < 0) goto out;
PBKDF2_HMAC_SHA1(mk->key,mk->keyLength,
hdr->mkDigestSalt,LUKS_SALTSIZE,
hdr->mkDigestIterations,
checkHashBuf,LUKS_DIGESTSIZE);
r = LUKS_verify_master_key(hdr, mk);
if (r >= 0)
log_std(ctx, _("Key slot %d unlocked.\n"), keyIndex);
r = (memcmp(checkHashBuf,hdr->mkDigest, LUKS_DIGESTSIZE) == 0)?0:-EPERM;
out:
free(AfKey);
return r;
}
int LUKS_open_key_with_hdr(const char *device,
int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct crypt_device *ctx)
/* Tries to open any key from a given LUKS device reading the header on its own */
int LUKS_open_any_key(const char *device,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct setup_backend *backend)
{
int r;
r = LUKS_read_phdr(device, hdr);
if(r < 0)
return r;
return LUKS_open_any_key_with_hdr(device,password,passwordLen,hdr,mk,backend);
}
int LUKS_open_any_key_with_hdr(const char *device,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct setup_backend *backend)
{
unsigned int i;
int r;
*mk = LUKS_alloc_masterkey(hdr->keyBytes, NULL);
if (keyIndex >= 0)
return LUKS_open_key(device, keyIndex, password, passwordLen, hdr, *mk, ctx);
for(i = 0; i < LUKS_NUMKEYS; i++) {
r = LUKS_open_key(device, i, password, passwordLen, hdr, *mk, ctx);
if(r == 0)
return i;
/* Do not retry for errors that are no -EPERM or -ENOENT,
former meaning password wrong, latter key slot inactive */
if ((r != -EPERM) && (r != -ENOENT))
return r;
*mk=LUKS_alloc_masterkey(hdr->keyBytes);
for(i=0; i<LUKS_NUMKEYS; i++) {
r = LUKS_open_key(device, i, password, passwordLen, hdr, *mk, backend);
if(r == 0) {
return i;
}
/* Do not retry for errors that are no -EPERM or -EINVAL, former meaning password wrong, latter key slot inactive */
if ((r != -EPERM) && (r != -EINVAL))
return r;
}
/* Warning, early returns above */
log_err(ctx, _("No key available with this passphrase.\n"));
return -EPERM;
}
@@ -714,7 +390,7 @@ int LUKS_open_key_with_hdr(const char *device,
static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
{
unsigned int i;
unsigned char write_modes[][3] = {
{"\x55\x55\x55"}, {"\xaa\xaa\xaa"}, {"\x92\x49\x24"},
{"\x49\x24\x92"}, {"\x24\x92\x49"}, {"\x00\x00\x00"},
@@ -726,7 +402,7 @@ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
{"\x92\x49\x24"}, {"\x49\x24\x92"}, {"\x24\x92\x49"},
{"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"}
};
for(i = 0; i < buffer_size / 3; ++i) {
memcpy(buffer, write_modes[turn], 3);
buffer += 3;
@@ -740,10 +416,12 @@ static int wipe(const char *device, unsigned int from, unsigned int to)
unsigned int i;
unsigned int bufLen = (to - from) * SECTOR_SIZE;
int r = 0;
devfd = open(device, O_RDWR | O_DIRECT | O_SYNC);
if(devfd == -1)
if(devfd == -1) {
set_error(_("Can't open device %s"), device);
return -EINVAL;
}
buffer = (char *) malloc(bufLen);
if(!buffer) return -ENOMEM;
@@ -766,94 +444,80 @@ static int wipe(const char *device, unsigned int from, unsigned int to)
return r;
}
int LUKS_del_key(const char *device,
unsigned int keyIndex,
struct luks_phdr *hdr,
struct crypt_device *ctx)
int LUKS_del_key(const char *device, unsigned int keyIndex)
{
struct luks_phdr hdr;
unsigned int startOffset, endOffset, stripesLen;
int r;
r = LUKS_read_phdr(device, &hdr);
if(r != 0) {
/* placeholder */
} else if(keyIndex >= LUKS_NUMKEYS || hdr.keyblock[keyIndex].active != LUKS_KEY_ENABLED) {
set_error(_("Key %d not active. Can't wipe.\n"), keyIndex);
r = -1;
} else {
/* secure deletion of key material */
startOffset = hdr.keyblock[keyIndex].keyMaterialOffset;
stripesLen = hdr.keyBytes * hdr.keyblock[keyIndex].stripes;
endOffset = startOffset + div_round_up(stripesLen, SECTOR_SIZE);
r = LUKS_read_phdr(device, hdr, 1, ctx);
if (r)
return r;
r = LUKS_keyslot_set(hdr, keyIndex, 0);
if (r) {
log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d.\n"),
keyIndex, LUKS_NUMKEYS - 1);
return r;
r = wipe(device, startOffset, endOffset);
if(r == 0) {
/* mark the key as inactive in header */
hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
r = LUKS_write_phdr(device, &hdr);
}
}
/* secure deletion of key material */
startOffset = hdr->keyblock[keyIndex].keyMaterialOffset;
stripesLen = hdr->keyBytes * hdr->keyblock[keyIndex].stripes;
endOffset = startOffset + div_round_up(stripesLen, SECTOR_SIZE);
r = wipe(device, startOffset, endOffset);
if (r) {
log_err(ctx, _("Cannot wipe device %s.\n"), device);
return r;
}
r = LUKS_write_phdr(device, hdr, ctx);
return r;
}
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot)
int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex)
{
int i;
if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
return CRYPT_SLOT_INVALID;
if (hdr->keyblock[keyslot].active == LUKS_KEY_DISABLED)
return CRYPT_SLOT_INACTIVE;
if (hdr->keyblock[keyslot].active != LUKS_KEY_ENABLED)
return CRYPT_SLOT_INVALID;
for(i = 0; i < LUKS_NUMKEYS; i++)
if(i != keyslot && hdr->keyblock[i].active == LUKS_KEY_ENABLED)
return CRYPT_SLOT_ACTIVE;
return CRYPT_SLOT_ACTIVE_LAST;
struct luks_phdr hdr;
unsigned int i;
int r;
r = LUKS_read_phdr(device, &hdr);
if(r < 0) return r;
for(i = 0; i < LUKS_NUMKEYS; i++) {
if(i != keyIndex && hdr.keyblock[i].active == LUKS_KEY_ENABLED)
return 0;
}
return 1;
}
int LUKS_keyslot_find_empty(struct luks_phdr *hdr)
int LUKS_benchmarkt_iterations()
{
int i;
for (i = 0; i < LUKS_NUMKEYS; i++)
if(hdr->keyblock[i].active == LUKS_KEY_DISABLED)
break;
if (i == LUKS_NUMKEYS)
return -EINVAL;
return i;
return PBKDF2_performance_check()/2;
}
int LUKS_keyslot_active_count(struct luks_phdr *hdr)
int LUKS_device_ready(const char *device, int mode)
{
int i, num = 0;
int devfd;
struct stat st;
for (i = 0; i < LUKS_NUMKEYS; i++)
if(hdr->keyblock[i].active == LUKS_KEY_ENABLED)
num++;
if(stat(device, &st) < 0) {
set_error(_("Device %s doesn't exist or access denied."), device);
return 0;
}
return num;
devfd = open(device, mode | O_DIRECT | O_SYNC);
if(devfd < 0) {
set_error(_("Can't open device %s for %s%saccess."), device,
(mode & O_EXCL)?_("exclusive "):"",
(mode & O_RDWR)?_("writable "):"read-only ");
return 0;
}
close(devfd);
return 1;
}
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable)
{
crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyslot);
if (ki == CRYPT_SLOT_INVALID)
return -EINVAL;
hdr->keyblock[keyslot].active = enable ? LUKS_KEY_ENABLED : LUKS_KEY_DISABLED;
log_dbg("Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled");
return 0;
}
// Local Variables:
// c-basic-offset: 8
// indent-tabs-mode: nil
// End:

171
luks/luks.h
View File

@@ -5,7 +5,10 @@
* LUKS partition header
*/
#include <stddef.h>
#include <netinet/in.h>
#include "libcryptsetup.h"
#include "internal.h"
#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
@@ -15,9 +18,10 @@
#define LUKS_SALTSIZE 32
#define LUKS_NUMKEYS 8
// Minimal number of iterations
#define LUKS_MKD_ITERATIONS_MIN 1000
#define LUKS_SLOT_ITERATIONS_MIN 1000
// Numbers of iterations for the master key digest
#define LUKS_MKD_ITER 10
// LUKS_KT defines Key types
#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE
@@ -28,6 +32,7 @@
#define LUKS_STRIPES 4000
// partition header starts with magic
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6
@@ -36,8 +41,9 @@
/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40
/* Offset to align kesylot area */
#define LUKS_ALIGN_KEYSLOTS 4096
/* We don't have gettext support in LUKS */
#define _(Text) Text
/* Any integer values are stored in network byte order on disk and must be
converted */
@@ -57,18 +63,15 @@ struct luks_phdr {
struct {
uint32_t active;
/* parameters used for password processing */
uint32_t passwordIterations;
char passwordSalt[LUKS_SALTSIZE];
/* parameters used for AF store/load */
/* parameters used for AF store/load */
uint32_t keyMaterialOffset;
uint32_t stripes;
uint32_t stripes;
} keyblock[LUKS_NUMKEYS];
/* Align it to 512 sector size */
char _padding[432];
};
struct luks_masterkey {
@@ -76,110 +79,66 @@ struct luks_masterkey {
char key[];
};
struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key);
struct luks_masterkey *LUKS_alloc_masterkey(int keylength);
void LUKS_dealloc_masterkey(struct luks_masterkey *mk);
struct luks_masterkey *LUKS_generate_masterkey(int keylength);
int LUKS_verify_master_key(const struct luks_phdr *hdr,
const struct luks_masterkey *mk);
int LUKS_generate_phdr(
struct luks_phdr *header,
const struct luks_masterkey *mk,
const char *cipherName,
const char *cipherMode,
const char *hashSpec,
const char *uuid,
unsigned int stripes,
unsigned int alignPayload,
unsigned int alignOffset,
uint32_t iteration_time_ms,
uint64_t *PBKDF2_per_sec,
struct crypt_device *ctx);
int LUKS_generate_phdr(struct luks_phdr *header,
const struct luks_masterkey *mk, const char *cipherName,
const char *cipherMode, unsigned int stripes,
unsigned int alignPayload);
int LUKS_read_phdr(
const char *device,
struct luks_phdr *hdr,
int require_luks_device,
struct crypt_device *ctx);
int LUKS_read_phdr(const char *device, struct luks_phdr *hdr);
int LUKS_read_phdr_backup(
const char *backup_file,
const char *device,
struct luks_phdr *hdr,
int require_luks_device,
struct crypt_device *ctx);
int LUKS_write_phdr(const char *device, struct luks_phdr *hdr);
int LUKS_hdr_backup(
const char *backup_file,
const char *device,
struct luks_phdr *hdr,
struct crypt_device *ctx);
int LUKS_set_key(const char *device,
unsigned int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey *mk,
struct setup_backend *backend);
int LUKS_hdr_restore(
const char *backup_file,
const char *device,
struct luks_phdr *hdr,
struct crypt_device *ctx);
int LUKS_open_key(const char *device,
unsigned int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey *mk,
struct setup_backend *backend);
int LUKS_write_phdr(
const char *device,
struct luks_phdr *hdr,
struct crypt_device *ctx);
int LUKS_open_any_key(const char *device,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct setup_backend *backend);
int LUKS_set_key(
const char *device,
unsigned int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey *mk,
uint32_t iteration_time_ms,
uint64_t *PBKDF2_per_sec,
struct crypt_device *ctx);
int LUKS_open_any_key_with_hdr(const char *device,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct setup_backend *backend);
int LUKS_open_key(
const char *device,
unsigned int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey *mk,
struct crypt_device *ctx);
int LUKS_open_key_with_hdr(
const char *device,
int keyIndex,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct crypt_device *ctx);
int LUKS_del_key(
const char *device,
unsigned int keyIndex,
struct luks_phdr *hdr,
struct crypt_device *ctx);
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
int LUKS_encrypt_to_storage(
char *src, size_t srcLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector,
struct crypt_device *ctx);
int LUKS_decrypt_from_storage(
char *dst, size_t dstLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector,
struct crypt_device *ctx);
int LUKS_del_key(const char *device, unsigned int keyIndex);
int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
int LUKS_benchmarkt_iterations();
int LUKS_encrypt_to_storage(char *src, size_t srcLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector, struct setup_backend *backend);
int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
struct luks_phdr *hdr,
char *key, size_t keyLength,
const char *device,
unsigned int sector, struct setup_backend *backend);
int LUKS_device_ready(const char *device, int mode);
#endif

312
luks/pbkdf.c
View File

@@ -1,263 +1,102 @@
/* Implementation of Password-Based Cryptography as per PKCS#5
* Copyright (C) 2002,2003 Simon Josefsson
* Copyright (C) 2004 Free Software Foundation
/*
* Copyright 2004 Clemens Fruhwirth <clemens@endorphin.org>
* Implementation of PBKDF2-HMAC-SHA1 according to RFC 2898.
*
* LUKS code
* Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
* Copyright (C) 2009 Red Hat, Inc. All rights reserved.
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This file is distributed in the hope that it will be useful,
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this file; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <netinet/in.h>
#include <errno.h>
#include <signal.h>
#include <alloca.h>
#include <sys/time.h>
#include <gcrypt.h>
static volatile uint64_t __PBKDF2_global_j = 0;
static volatile uint64_t __PBKDF2_performance = 0;
#include "hmac_sha1.h"
#include "XORblock.h"
#include <assert.h>
int init_crypto(void);
static unsigned int *__PBKDF2_global_j;
static unsigned int __PBKDF2_performance=0;
/*
* 5.2 PBKDF2
*
* PBKDF2 applies a pseudorandom function (see Appendix B.1 for an
* example) to derive keys. The length of the derived key is essentially
* unbounded. (However, the maximum effective search space for the
* derived key may be limited by the structure of the underlying
* pseudorandom function. See Appendix B.1 for further discussion.)
* PBKDF2 is recommended for new applications.
*
* PBKDF2 (P, S, c, dkLen)
*
* Options: PRF underlying pseudorandom function (hLen
* denotes the length in octets of the
* pseudorandom function output)
*
* Input: P password, an octet string (ASCII or UTF-8)
* S salt, an octet string
* c iteration count, a positive integer
* dkLen intended length in octets of the derived
* key, a positive integer, at most
* (2^32 - 1) * hLen
*
* Output: DK derived key, a dkLen-octet string
*/
#define MAX_PRF_BLOCK_LEN 80
static int pkcs5_pbkdf2(const char *hash,
const char *P, size_t Plen,
const char *S, size_t Slen,
unsigned int c, unsigned int dkLen,
char *DK, int perfcheck)
void PBKDF2_HMAC_SHA1(const char *password, size_t passwordLen,
const char *salt, size_t saltLen, unsigned int iterations,
char *dKey, size_t dKeyLen)
{
gcry_md_hd_t prf;
char U[MAX_PRF_BLOCK_LEN];
char T[MAX_PRF_BLOCK_LEN];
int PRF, i, k, rc = -EINVAL;
unsigned int u, hLen, l, r;
unsigned char *p;
size_t tmplen = Slen + 4;
char *tmp;
uint32_t i=1;
unsigned int j;
/* U_n is the buffer for U_n values */
unsigned char U_n[SHA1_DIGEST_SIZE];
/* F_buf is the XOR buffer for F function */
char F_buf[SHA1_DIGEST_SIZE];
hmac_ctx templateCtx;
tmp = alloca(tmplen);
if (tmp == NULL)
return -ENOMEM;
/* We need a global pointer for signal handlers */
__PBKDF2_global_j = &j;
if (init_crypto())
return -ENOSYS;
/* Make a template context initialized with password as key */
hmac_sha_begin(&templateCtx);
hmac_sha_key((unsigned char *) password,passwordLen,&templateCtx);
#define HMAC_REINIT(__ctx) memcpy(&__ctx,&templateCtx,sizeof(__ctx))
/* The first hash iteration is done different, therefor
we reduce iterations to conveniently use it as a loop
counter */
assert(iterations != 0);
iterations--;
PRF = gcry_md_map_name(hash);
if (PRF == 0)
return -EINVAL;
while(dKeyLen > 0) {
hmac_ctx ctx;
uint32_t iNetworkOrdered;
unsigned int blocksize = dKeyLen<SHA1_DIGEST_SIZE?dKeyLen:SHA1_DIGEST_SIZE;
hLen = gcry_md_get_algo_dlen(PRF);
if (hLen == 0 || hLen > MAX_PRF_BLOCK_LEN)
return -EINVAL;
j=iterations;
HMAC_REINIT(ctx);
// U_1 hashing
hmac_sha_data((unsigned char *) salt,saltLen,&ctx);
iNetworkOrdered = htonl(i);
hmac_sha_data((unsigned char *)&iNetworkOrdered, sizeof(uint32_t), &ctx);
hmac_sha_end(U_n, SHA1_DIGEST_SIZE, &ctx);
memcpy(F_buf, U_n, SHA1_DIGEST_SIZE);
if (c == 0)
return -EINVAL;
if (dkLen == 0)
return -EINVAL;
/*
*
* Steps:
*
* 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
* stop.
*/
if (dkLen > 4294967295U)
return -EINVAL;
/*
* 2. Let l be the number of hLen-octet blocks in the derived key,
* rounding up, and let r be the number of octets in the last
* block:
*
* l = CEIL (dkLen / hLen) ,
* r = dkLen - (l - 1) * hLen .
*
* Here, CEIL (x) is the "ceiling" function, i.e. the smallest
* integer greater than, or equal to, x.
*/
l = dkLen / hLen;
if (dkLen % hLen)
l++;
r = dkLen - (l - 1) * hLen;
/*
* 3. For each block of the derived key apply the function F defined
* below to the password P, the salt S, the iteration count c, and
* the block index to compute the block:
*
* T_1 = F (P, S, c, 1) ,
* T_2 = F (P, S, c, 2) ,
* ...
* T_l = F (P, S, c, l) ,
*
* where the function F is defined as the exclusive-or sum of the
* first c iterates of the underlying pseudorandom function PRF
* applied to the password P and the concatenation of the salt S
* and the block index i:
*
* F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
*
* where
*
* U_1 = PRF (P, S || INT (i)) ,
* U_2 = PRF (P, U_1) ,
* ...
* U_c = PRF (P, U_{c-1}) .
*
* Here, INT (i) is a four-octet encoding of the integer i, most
* significant octet first.
*
* 4. Concatenate the blocks and extract the first dkLen octets to
* produce a derived key DK:
*
* DK = T_1 || T_2 || ... || T_l<0..r-1>
*
* 5. Output the derived key DK.
*
* Note. The construction of the function F follows a "belt-and-
* suspenders" approach. The iterates U_i are computed recursively to
* remove a degree of parallelism from an opponent; they are exclusive-
* ored together to reduce concerns about the recursion degenerating
* into a small set of values.
*
*/
if(gcry_md_open(&prf, PRF, GCRY_MD_FLAG_HMAC))
return -EINVAL;
if (gcry_md_setkey(prf, P, Plen))
goto out;
for (i = 1; (uint) i <= l; i++) {
memset(T, 0, hLen);
for (u = 1; u <= c ; u++) {
gcry_md_reset(prf);
if (u == 1) {
memcpy(tmp, S, Slen);
tmp[Slen + 0] = (i & 0xff000000) >> 24;
tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
tmp[Slen + 3] = (i & 0x000000ff) >> 0;
gcry_md_write(prf, tmp, tmplen);
} else {
gcry_md_write(prf, U, hLen);
}
p = gcry_md_read(prf, PRF);
if (p == NULL)
goto out;
memcpy(U, p, hLen);
for (k = 0; (uint) k < hLen; k++)
T[k] ^= U[k];
if (perfcheck && __PBKDF2_performance) {
rc = 0;
goto out;
}
if (perfcheck)
__PBKDF2_global_j++;
// U_n hashing
while(j--) {
HMAC_REINIT(ctx);
hmac_sha_data(U_n,SHA1_DIGEST_SIZE, &ctx);
hmac_sha_end(U_n,SHA1_DIGEST_SIZE, &ctx);
XORblock(F_buf,(char*) U_n,F_buf,SHA1_DIGEST_SIZE);
}
memcpy(DK + (i - 1) * hLen, T, (uint) i == l ? r : hLen);
memcpy(dKey,F_buf,blocksize);
dKey+=blocksize; dKeyLen-=blocksize; i++;
}
rc = 0;
out:
gcry_md_close(prf);
return rc;
}
int PBKDF2_HMAC(const char *hash,
const char *password, size_t passwordLen,
const char *salt, size_t saltLen, unsigned int iterations,
char *dKey, size_t dKeyLen)
{
return pkcs5_pbkdf2(hash, password, passwordLen, salt, saltLen,
iterations, (unsigned int)dKeyLen, dKey, 0);
}
int PBKDF2_HMAC_ready(const char *hash)
{
int hash_id = gcry_md_map_name(hash);
if (!hash_id)
return -EINVAL;
/* Used hash must have at least 160 bits */
if (gcry_md_get_algo_dlen(hash_id) < 20)
return -EINVAL;
return 1;
#undef HMAC_REINIT
}
static void sigvtalarm(int foo)
{
__PBKDF2_performance = __PBKDF2_global_j;
__PBKDF2_performance = ~(0U) - *__PBKDF2_global_j;
*__PBKDF2_global_j = 0;
}
/* This code benchmarks PBKDF2 and returns iterations/second using wth specified hash */
int PBKDF2_performance_check(const char *hash, uint64_t *iter)
unsigned int PBKDF2_performance_check()
{
int r;
/* This code benchmarks PBKDF2 and returns
iterations/second per SHA1_DIGEST_SIZE */
char buf;
struct itimerval it;
if (__PBKDF2_global_j)
return -EBUSY;
if (!PBKDF2_HMAC_ready(hash))
return -EINVAL;
if(__PBKDF2_performance != 0) return __PBKDF2_performance;
signal(SIGVTALRM,sigvtalarm);
it.it_interval.tv_usec = 0;
@@ -265,12 +104,11 @@ int PBKDF2_performance_check(const char *hash, uint64_t *iter)
it.it_value.tv_usec = 0;
it.it_value.tv_sec = 1;
if (setitimer (ITIMER_VIRTUAL, &it, NULL) < 0)
return -EINVAL;
return 0;
r = pkcs5_pbkdf2(hash, "foo", 3, "bar", 3, ~(0U), 1, &buf, 1);
*iter = __PBKDF2_performance;
__PBKDF2_global_j = 0;
__PBKDF2_performance = 0;
return r;
PBKDF2_HMAC_SHA1("foo", 3,
"bar", 3, ~(0U),
&buf, 1);
return __PBKDF2_performance;
}

11
luks/pbkdf.h
View File

@@ -5,13 +5,10 @@
/* */
int PBKDF2_HMAC(const char *hash,
const char *password, size_t passwordLen,
const char *salt, size_t saltLen, unsigned int iterations,
char *dKey, size_t dKeyLen);
void PBKDF2_HMAC_SHA1(const char *password, size_t passwordLen,
const char *salt, size_t saltLen, unsigned int iterations,
char *dKey, size_t dKeyLen);
int PBKDF2_performance_check(const char *hash, uint64_t *iter);
int PBKDF2_HMAC_ready(const char *hash);
unsigned int PBKDF2_performance_check();
#endif

145
luks/sha/hmac.c Normal file
View File

@@ -0,0 +1,145 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
This is an implementation of HMAC, the FIPS standard keyed hash function
*/
#include <netinet/in.h>
#include "hmac.h"
#if defined(__cplusplus)
extern "C"
{
#endif
/* initialise the HMAC context to zero */
void hmac_sha_begin(hmac_ctx cx[1])
{
memset(cx, 0, sizeof(hmac_ctx));
}
/* input the HMAC key (can be called multiple times) */
int hmac_sha_key(const unsigned char key[], size_t key_len, hmac_ctx cx[1])
{
if(cx->klen == HMAC_IN_DATA) /* error if further key input */
return HMAC_BAD_MODE; /* is attempted in data mode */
if(cx->klen + key_len > HASH_INPUT_SIZE) /* if the key has to be hashed */
{
if(cx->klen <= HASH_INPUT_SIZE) /* if the hash has not yet been */
{ /* started, initialise it and */
sha_begin(cx->ctx); /* hash stored key characters */
sha_hash(cx->key, cx->klen, cx->ctx);
}
sha_hash(key, key_len, cx->ctx); /* hash long key data into hash */
}
else /* otherwise store key data */
memcpy(cx->key + cx->klen, key, key_len);
cx->klen += key_len; /* update the key length count */
return HMAC_OK;
}
/* input the HMAC data (can be called multiple times) - */
/* note that this call terminates the key input phase */
void hmac_sha_data(const unsigned char data[], size_t data_len, hmac_ctx cx[1])
{ unsigned int i;
if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
{
if(cx->klen > HASH_INPUT_SIZE) /* if key is being hashed */
{ /* complete the hash and */
sha_end(cx->key, cx->ctx); /* store the result as the */
cx->klen = HASH_OUTPUT_SIZE; /* key and set new length */
}
/* pad the key if necessary */
memset(cx->key + cx->klen, 0, HASH_INPUT_SIZE - cx->klen);
/* xor ipad into key value */
for(i = 0; i < (HASH_INPUT_SIZE >> 2); ++i)
((uint32_t*)cx->key)[i] ^= 0x36363636;
/* and start hash operation */
sha_begin(cx->ctx);
sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
/* mark as now in data mode */
cx->klen = HMAC_IN_DATA;
}
/* hash the data (if any) */
if(data_len)
sha_hash(data, data_len, cx->ctx);
}
/* compute and output the MAC value */
void hmac_sha_end(unsigned char mac[], size_t mac_len, hmac_ctx cx[1])
{ unsigned char dig[HASH_OUTPUT_SIZE];
unsigned int i;
/* if no data has been entered perform a null data phase */
if(cx->klen != HMAC_IN_DATA)
hmac_sha_data((const unsigned char*)0, 0, cx);
sha_end(dig, cx->ctx); /* complete the inner hash */
/* set outer key value using opad and removing ipad */
for(i = 0; i < (HASH_INPUT_SIZE >> 2); ++i)
((uint32_t*)cx->key)[i] ^= 0x36363636 ^ 0x5c5c5c5c;
/* perform the outer hash operation */
sha_begin(cx->ctx);
sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
sha_hash(dig, HASH_OUTPUT_SIZE, cx->ctx);
sha_end(dig, cx->ctx);
/* output the hash value */
for(i = 0; i < mac_len; ++i)
mac[i] = dig[i];
}
/* 'do it all in one go' subroutine */
void hmac_sha(const unsigned char key[], size_t key_len,
const unsigned char data[], size_t data_len,
unsigned char mac[], size_t mac_len)
{ hmac_ctx cx[1];
hmac_sha_begin(cx);
hmac_sha_key(key, key_len, cx);
hmac_sha_data(data, data_len, cx);
hmac_sha_end(mac, mac_len, cx);
}
#if defined(__cplusplus)
}
#endif

101
luks/sha/hmac.h Normal file
View File

@@ -0,0 +1,101 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
This is an implementation of HMAC, the FIPS standard keyed hash function
*/
#ifndef _HMAC_H
#define _HMAC_H
#include <memory.h>
#if defined(__cplusplus)
extern "C"
{
#endif
#if !defined(USE_SHA1) && !defined(USE_SHA256)
#error define USE_SHA1 or USE_SHA256 to set the HMAC hash algorithm
#endif
#ifdef USE_SHA1
#include "sha1.h"
#define HASH_INPUT_SIZE SHA1_BLOCK_SIZE
#define HASH_OUTPUT_SIZE SHA1_DIGEST_SIZE
#define sha_ctx sha1_ctx
#define sha_begin sha1_begin
#define sha_hash sha1_hash
#define sha_end sha1_end
#endif
#ifdef USE_SHA256
#include "sha2.h"
#define HASH_INPUT_SIZE SHA256_BLOCK_SIZE
#define HASH_OUTPUT_SIZE SHA256_DIGEST_SIZE
#define sha_ctx sha256_ctx
#define sha_begin sha256_begin
#define sha_hash sha256_hash
#define sha_end sha256_end
#endif
#define HMAC_OK 0
#define HMAC_BAD_MODE -1
#define HMAC_IN_DATA 0xffffffff
typedef struct
{ unsigned char key[HASH_INPUT_SIZE];
sha_ctx ctx[1];
unsigned long klen;
} hmac_ctx;
void hmac_sha_begin(hmac_ctx cx[1]);
int hmac_sha_key(const unsigned char key[], size_t key_len, hmac_ctx cx[1]);
void hmac_sha_data(const unsigned char data[], size_t data_len, hmac_ctx cx[1]);
void hmac_sha_end(unsigned char mac[], size_t mac_len, hmac_ctx cx[1]);
void hmac_sha(const unsigned char key[], size_t key_len,
const unsigned char data[], size_t data_len,
unsigned char mac[], size_t mac_len);
#if defined(__cplusplus)
}
#endif
#endif

2
luks/sha/hmac_sha1.c Normal file
View File

@@ -0,0 +1,2 @@
#define USE_SHA1
#include "hmac.c"

2
luks/sha/hmac_sha1.h Normal file
View File

@@ -0,0 +1,2 @@
#define USE_SHA1
#include "hmac.h"

355
luks/sha/sha1.c Normal file
View File

@@ -0,0 +1,355 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 16/01/2004
This is a byte oriented version of SHA1 that operates on arrays of bytes
stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
*/
#include <string.h> /* for memcpy() etc. */
#include <stdlib.h> /* for _lrotl with VC++ */
#include "sha1.h"
#if defined(__cplusplus)
extern "C"
{
#endif
/*
To obtain the highest speed on processors with 32-bit words, this code
needs to determine the order in which bytes are packed into such words.
The following block of code is an attempt to capture the most obvious
ways in which various environemnts specify their endian definitions.
It may well fail, in which case the definitions will need to be set by
editing at the points marked **** EDIT HERE IF NECESSARY **** below.
*/
/* PLATFORM SPECIFIC INCLUDES */
#define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
#define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
#if defined(__GNUC__) || defined(__GNU_LIBRARY__)
# if defined(__FreeBSD__) || defined(__OpenBSD__)
# include <sys/endian.h>
# elif defined( BSD ) && ( BSD >= 199103 )
# include <machine/endian.h>
# elif defined(__APPLE__)
# if defined(__BIG_ENDIAN__) && !defined( BIG_ENDIAN )
# define BIG_ENDIAN
# elif defined(__LITTLE_ENDIAN__) && !defined( LITTLE_ENDIAN )
# define LITTLE_ENDIAN
# endif
# else
# include <endian.h>
# if !defined(__BEOS__)
# include <byteswap.h>
# endif
# endif
#endif
#if !defined(PLATFORM_BYTE_ORDER)
# if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
# if defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
# elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
# elif defined(BYTE_ORDER) && (BYTE_ORDER == LITTLE_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
# elif defined(BYTE_ORDER) && (BYTE_ORDER == BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
# endif
# elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
# if defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
# elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _LITTLE_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
# endif
# elif defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)
# if defined(__LITTLE_ENDIAN__) && !defined(__BIG_ENDIAN__)
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
# elif !defined(__LITTLE_ENDIAN__) && defined(__BIG_ENDIAN__)
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __LITTLE_ENDIAN__)
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
# endif
# endif
#endif
/* if the platform is still unknown, try to find its byte order */
/* from commonly used machine defines */
#if !defined(PLATFORM_BYTE_ORDER)
#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
defined( vax ) || defined( vms ) || defined( VMS ) || \
defined( __VMS )
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
defined( __TANDEM ) || defined( THINK_C ) || defined( __VMCMS__ )
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
#else
# error Please edit sha1.c (line 134 or 136) to set the platform byte order
#endif
#endif
#ifdef _MSC_VER
#pragma intrinsic(memcpy)
#endif
#if 0 && defined(_MSC_VER)
#define rotl32 _lrotl
#define rotr32 _lrotr
#else
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
#endif
#if !defined(bswap_32)
#define bswap_32(x) (rotr32((x), 24) & 0x00ff00ff | rotr32((x), 8) & 0xff00ff00)
#endif
#if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN)
#define SWAP_BYTES
#else
#undef SWAP_BYTES
#endif
#if defined(SWAP_BYTES)
#define bsw_32(p,n) \
{ int _i = (n); while(_i--) ((sha1_32t*)p)[_i] = bswap_32(((sha1_32t*)p)[_i]); }
#else
#define bsw_32(p,n)
#endif
#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
#if 0
#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
#define parity(x,y,z) ((x) ^ (y) ^ (z))
#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#else /* Discovered by Rich Schroeppel and Colin Plumb */
#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define parity(x,y,z) ((x) ^ (y) ^ (z))
#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
#endif
/* Compile 64 bytes of hash data into SHA1 context. Note */
/* that this routine assumes that the byte order in the */
/* ctx->wbuf[] at this point is in such an order that low */
/* address bytes in the ORIGINAL byte stream in this buffer */
/* will go to the high end of 32-bit words on BOTH big and */
/* little endian systems */
#ifdef ARRAY
#define q(v,n) v[n]
#else
#define q(v,n) v##n
#endif
#define one_cycle(v,a,b,c,d,e,f,k,h) \
q(v,e) += rotr32(q(v,a),27) + \
f(q(v,b),q(v,c),q(v,d)) + k + h; \
q(v,b) = rotr32(q(v,b), 2)
#define five_cycle(v,f,k,i) \
one_cycle(v, 0,1,2,3,4, f,k,hf(i )); \
one_cycle(v, 4,0,1,2,3, f,k,hf(i+1)); \
one_cycle(v, 3,4,0,1,2, f,k,hf(i+2)); \
one_cycle(v, 2,3,4,0,1, f,k,hf(i+3)); \
one_cycle(v, 1,2,3,4,0, f,k,hf(i+4))
void sha1_compile(sha1_ctx ctx[1])
{ sha1_32t *w = ctx->wbuf;
#ifdef ARRAY
sha1_32t v[5];
memcpy(v, ctx->hash, 5 * sizeof(sha1_32t));
#else
sha1_32t v0, v1, v2, v3, v4;
v0 = ctx->hash[0]; v1 = ctx->hash[1];
v2 = ctx->hash[2]; v3 = ctx->hash[3];
v4 = ctx->hash[4];
#endif
#define hf(i) w[i]
five_cycle(v, ch, 0x5a827999, 0);
five_cycle(v, ch, 0x5a827999, 5);
five_cycle(v, ch, 0x5a827999, 10);
one_cycle(v,0,1,2,3,4, ch, 0x5a827999, hf(15)); \
#undef hf
#define hf(i) (w[(i) & 15] = rotl32( \
w[((i) + 13) & 15] ^ w[((i) + 8) & 15] \
^ w[((i) + 2) & 15] ^ w[(i) & 15], 1))
one_cycle(v,4,0,1,2,3, ch, 0x5a827999, hf(16));
one_cycle(v,3,4,0,1,2, ch, 0x5a827999, hf(17));
one_cycle(v,2,3,4,0,1, ch, 0x5a827999, hf(18));
one_cycle(v,1,2,3,4,0, ch, 0x5a827999, hf(19));
five_cycle(v, parity, 0x6ed9eba1, 20);
five_cycle(v, parity, 0x6ed9eba1, 25);
five_cycle(v, parity, 0x6ed9eba1, 30);
five_cycle(v, parity, 0x6ed9eba1, 35);
five_cycle(v, maj, 0x8f1bbcdc, 40);
five_cycle(v, maj, 0x8f1bbcdc, 45);
five_cycle(v, maj, 0x8f1bbcdc, 50);
five_cycle(v, maj, 0x8f1bbcdc, 55);
five_cycle(v, parity, 0xca62c1d6, 60);
five_cycle(v, parity, 0xca62c1d6, 65);
five_cycle(v, parity, 0xca62c1d6, 70);
five_cycle(v, parity, 0xca62c1d6, 75);
#ifdef ARRAY
ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
ctx->hash[4] += v[4];
#else
ctx->hash[0] += v0; ctx->hash[1] += v1;
ctx->hash[2] += v2; ctx->hash[3] += v3;
ctx->hash[4] += v4;
#endif
}
void sha1_begin(sha1_ctx ctx[1])
{
ctx->count[0] = ctx->count[1] = 0;
ctx->hash[0] = 0x67452301;
ctx->hash[1] = 0xefcdab89;
ctx->hash[2] = 0x98badcfe;
ctx->hash[3] = 0x10325476;
ctx->hash[4] = 0xc3d2e1f0;
}
/* SHA1 hash data in an array of bytes into hash buffer and */
/* call the hash_compile function as required. */
void sha1_hash(const unsigned char data[], size_t len, sha1_ctx ctx[1])
{ sha1_32t pos = (sha1_32t)(ctx->count[0] & SHA1_MASK),
space = SHA1_BLOCK_SIZE - pos;
const unsigned char *sp = data;
if((ctx->count[0] += len) < len)
++(ctx->count[1]);
while(len >= space) /* tranfer whole blocks if possible */
{
memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
sp += space; len -= space; space = SHA1_BLOCK_SIZE; pos = 0;
bsw_32(ctx->wbuf, SHA1_BLOCK_SIZE >> 2);
sha1_compile(ctx);
}
memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
}
/* SHA1 final padding and digest calculation */
void sha1_end(unsigned char hval[], sha1_ctx ctx[1])
{ sha1_32t i = (sha1_32t)(ctx->count[0] & SHA1_MASK);
/* put bytes in the buffer in an order in which references to */
/* 32-bit words will put bytes with lower addresses into the */
/* top of 32 bit words on BOTH big and little endian machines */
bsw_32(ctx->wbuf, (i + 3) >> 2);
/* we now need to mask valid bytes and add the padding which is */
/* a single 1 bit and as many zero bits as necessary. Note that */
/* we can always add the first padding byte here because the */
/* buffer always has at least one empty slot */
ctx->wbuf[i >> 2] &= 0xffffff80 << 8 * (~i & 3);
ctx->wbuf[i >> 2] |= 0x00000080 << 8 * (~i & 3);
/* we need 9 or more empty positions, one for the padding byte */
/* (above) and eight for the length count. If there is not */
/* enough space, pad and empty the buffer */
if(i > SHA1_BLOCK_SIZE - 9)
{
if(i < 60) ctx->wbuf[15] = 0;
sha1_compile(ctx);
i = 0;
}
else /* compute a word index for the empty buffer positions */
i = (i >> 2) + 1;
while(i < 14) /* and zero pad all but last two positions */
ctx->wbuf[i++] = 0;
/* the following 32-bit length fields are assembled in the */
/* wrong byte order on little endian machines but this is */
/* corrected later since they are only ever used as 32-bit */
/* word values. */
ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
ctx->wbuf[15] = ctx->count[0] << 3;
sha1_compile(ctx);
/* extract the hash value as bytes in case the hash buffer is */
/* misaligned for 32-bit words */
for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
}
void sha1(unsigned char hval[], const unsigned char data[], size_t len)
{ sha1_ctx cx[1];
sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
}
#if defined(__cplusplus)
}
#endif

85
luks/sha/sha1.h Normal file
View File

@@ -0,0 +1,85 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
*/
#ifndef _SHA1_H
#define _SHA1_H
#include <stddef.h>
#include <limits.h>
#define SHA1_BLOCK_SIZE 64
#define SHA1_DIGEST_SIZE 20
#if defined(__cplusplus)
extern "C"
{
#endif
/* define an unsigned 32-bit type */
#if defined(_MSC_VER)
typedef unsigned long sha1_32t;
#elif defined(ULONG_MAX) && ULONG_MAX == 0xfffffffful
typedef unsigned long sha1_32t;
#elif defined(UINT_MAX) && UINT_MAX == 0xffffffff
typedef unsigned int sha1_32t;
#else
# error Please define sha1_32t as an unsigned 32 bit type in sha1.h
#endif
/* type to hold the SHA256 context */
typedef struct
{ sha1_32t count[2];
sha1_32t hash[5];
sha1_32t wbuf[16];
} sha1_ctx;
/* Note that these prototypes are the same for both bit and */
/* byte oriented implementations. However the length fields */
/* are in bytes or bits as appropriate for the version used */
/* and bit sequences are input as arrays of bytes in which */
/* bit sequences run from the most to the least significant */
/* end of each byte */
void sha1_compile(sha1_ctx ctx[1]);
void sha1_begin(sha1_ctx ctx[1]);
void sha1_hash(const unsigned char data[], size_t len, sha1_ctx ctx[1]);
void sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
void sha1(unsigned char hval[], const unsigned char data[], size_t len);
#if defined(__cplusplus)
}
#endif
#endif

0
tests/compatimage.img.bz2 → luks/testing/compatimage.bz2
View File

0
tests/fileDiffer.py → luks/testing/fileDiffer.py
View File

93
man/cryptsetup.8
View File

@@ -27,9 +27,7 @@ reports the status for the mapping <name>. No options.
.PP
\fIresize\fR <name>
.IP
resizes an active mapping <name>.
If \-\-size (in sectors) is not specified, the size of the underlying block device is used.
resizes an active mapping <name>. <options> must include \-\-size
.PP
.br
.SH LUKS EXTENSION
@@ -52,18 +50,6 @@ opens the LUKS partition <device> and sets up a mapping <name> after successful
.IP
identical to \fIremove\fR.
.PP
\fIluksSuspend\fR <name>
.IP
suspends active device (all IO operations are frozen) and wipes encryption key from kernel. Kernel version 2.6.19 or later is required.
After that operation you have to use \fIluksResume\fR to reinstate encryption key (and resume device) or \fIluksClose\fR to remove mapped device.
\fBWARNING:\fR never try to suspend device where is the cryptsetup binary itself.
.PP
\fIluksResume\fR <name>
.IP
Resumes suspended device and reinstates encryption key. You will need provide passphrase identical to \fIluksOpen\fR command (using prompting or key file).
.PP
\fIluksAddKey\fR <device> [<new key file>]
.IP
add a new key file/passphrase. An existing passphrase or key file (via \-\-key-file) must be supplied. The key file with the new material is supplied as a positional argument. <options> can be [\-\-key-file, \-\-key-slot].
@@ -92,54 +78,18 @@ returns true, if <device> is a LUKS partition. Otherwise, false. No options.
.IP
dumps the header information of a LUKS partition. No options.
.PP
\fIluksHeaderBackup\fR <device> \-\-header-backup-file <file>
.IP
Stores binary backup of LUKS header and keyslot areas.
\fBWARNING:\fR Please note that with this backup file (and old passphrase knowledge) you can decrypt data even if old passphrase was wiped from real device.
Also note that anti-forensic splitter is not used during manipulation with backup file.
.PP
\fIluksHeaderRestore\fR <device> \-\-header-backup-file <file>
.IP
Restores binary backup of LUKS header and keyslot areas from specified file.
\fBWARNING:\fR All the keyslot areas are overwritten, only active keyslots form backup file are available after issuing this command.
This command allows restoring header if device do not contain LUKS header or if the master key size and data offset in LUKS header on device match the backup file.
.PP
For more information about LUKS, see \fBhttp://code.google.com/p/cryptsetup/wiki/Specification\fR
.SH OPTIONS
.TP
.B "\-\-hash, \-h"
For \fIcreate\fR action specifies hash to use for password hashing.
For \fIluksFormat\fR action specifies hash used in LUKS key setup scheme and volume key digest.
\fBWARNING:\fR setting hash other than \fBsha1\fR causes LUKS device incompatible with older version of cryptsetup.
The hash string is passed to libgcrypt, so all hashes accepted by gcrypt are supported.
Default is set during compilation, compatible values with old version of cryptsetup are
\fB"ripemd160"\fR for \fIcreate\fR action and \fB"sha1"\fR for \fIluksFormat\fR.
Use \fIcryptsetup \-\-help\fR to show defaults.
specifies hash to use for password hashing. This option is only relevant for \fIcreate\fR action. The hash string is passed to libgcrypt, so all hashes accepted by gcrypt are supported. Default is "ripemd160".
.TP
.B "\-\-cipher, \-c"
set cipher specification string.
set cipher specification string. For plain dm-crypt mappings, the default is "aes-cbc-plain", for LUKS mappings it's "aes-cbc-essiv:sha256". For pre-2.6.10 kernels, use "aes-plain" as they don't understand the new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
Default mode is configurable during compilation,
you can see compiled-in default using \fIcryptsetup \-\-help\fR.
If not changed, the default is for plain dm-crypt and LUKS mappings
"aes-cbc-essiv:sha256".
For pre-2.6.10 kernels, use "aes-plain" as they don't understand
the new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
For XTS mode, kernel version 2.6.24 or more recent is required.
Use "aes-xts-plain" cipher specification and set key size to 256 (or 512) bits (see \-s option).
For XTS mode, kernel version 2.6.24 or more recent is required. Use "aes-xts-plain" cipher specification and set key size to 256 (or 512) bits (see \-s option).
.TP
.B "\-\-verify-passphrase, \-y"
query for passwords twice. Useful when creating a (regular) mapping for the first time, or when running \fIluksFormat\fR.
@@ -149,24 +99,11 @@ use file as key material. With LUKS, key material supplied in key files via \-d
If the key file is "-", stdin will be used. This is different from how cryptsetup usually reads from stdin. See section \fBNOTES ON PASSWORD PROCESSING\fR for more information.
.TP
.B "\-\-master-key-file"
Use pre-generated master key stored in file. For \fIluksFormat\fR it allows LUKS header reformatting with the same master key (if all other parameters are the same existing encrypted data remains intact).
For \fIluksAddKey\fR it allows adding new passphrase with only master key knowledge.
.TP
.B "\-\-key-slot, \-S"
For LUKS operations that add key material, this options allows to you specify which key slot is selected for the new key. This option can be used for \fIluksFormat\fR and \fIluksAddKey\fR.
.TP
.B "\-\-key-size, \-s"
set key size in bits.
Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information.
Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will use key-size specified by the LUKS header.
Default is set during compilation, if not changed it is 256 bits.
Use \fIcryptsetup \-\-help\fR to show defaults.
For \fIluksOpen\fR this option specifies number of bits read from the key-file (default is exhaustive read from key-file).
set key size in bits. Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information. Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will ignore this flag, as the key-size is specified by the partition header. Default is 128 for \fIluksFormat\fR and 256 for \fIcreate\fR.
.TP
.B "\-\-size, \-b"
force the size of the underlying device in sectors.
@@ -187,7 +124,7 @@ set up a read-only mapping.
The number of milliseconds to spend with PBKDF2 password processing. This option is only relevant to the LUKS operations as \fIluksFormat\fR or \fIluksAddKey\fR.
.TP
.B "\-\-batch-mode, \-q"
Do not ask for confirmation. Use with care! This option is only relevant for \fIluksFormat\fR, \fIluksAddKey\fR, \fIluksRemoveKey\fR or \fIluksKillSlot\fR.
Do not ask for confirmation. Use with care! This option is only relevant for \fIluksFormat\fR,\fIluksAddKey\fR,\fIluksRemoveKey\fR or \fIluksKillSlot\fR.
.TP
.B "\-\-timeout, \-t"
The number of seconds to wait before timeout. This option is relevant every time a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. It has no effect if used in conjunction with \-\-key-file.
@@ -214,6 +151,8 @@ Instead, it will be zero padded (if shorter than the keysize) or truncated (if l
If \-\-key-file=- is used for reading the key from stdin, no trailing newline is stripped from the input. Without that option, cryptsetup strips trailing newlines from stdin input.
.SH NOTES ON PASSWORD PROCESSING FOR LUKS
LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898).
LUKS will always use SHA1 in HMAC mode, and no other mode is supported at the moment.
Hence, \-h is ignored.
LUKS will always do an exhaustive password reading. Hence, password can not be read from /dev/random, /dev/zero or any other stream that does not terminate.
@@ -221,14 +160,6 @@ LUKS saves the processing options when a password is set to the respective key s
Therefore, no options can be given to luksOpen.
For any password creation action (luksAddKey, or luksFormat), the user may specify how much the time the password processing should consume.
Increasing the time will lead to a more secure password, but also will take luksOpen longer to complete. The default setting of one second is sufficient for good security.
.SH INCOHERENT BEHAVIOUR FOR INVALID PASSWORDS/KEYS
LUKS checks for a valid password or key when an encrypted partition is unlocked. Thus the luksOpen action fails with invalid password or key, contrary to the plain dm-crypt create action.
Please also be sure that you are using the same keyboard and language setting as during device format.
.SH NOTES ON SUPPORTED CIPHERS, MODES, HASHES AND KEY SIZES
The available combinations of ciphers, modes, hashes and key sizes depend on kernel support. See /proc/crypto for a list of available options. You might need to load additional kernel crypto modules in order to get more options.
For \-\-hash option all algorithms supported by gcrypt library are available.
.SH NOTES ON PASSWORDS
Mathematics can't be bribed. Make sure you keep your passwords safe. There are a few nice tricks for constructing a fallback, when suddenly out of (or after being) blue, your brain refuses to cooperate. These fallbacks are possible with LUKS, as it's only possible with LUKS to have multiple passwords.
.SH AUTHORS
@@ -264,11 +195,7 @@ functionality, see dmsetup reload.
identical to luksKillSlot, but deprecated action name. This option was
renamed, as we introduced luksRemoveKey, a softer method for disabling
password slots. To make a clear distinction that luksDelKey was more brutal than luksRemoveKey
.PP
\fI\-\-non-exclusive\fR
.IP
This option is ignored. Non-exclusive access to the same block device
can cause data corruption thus this mode is no longer supported by cryptsetup.
.SH "REPORTING BUGS"
Report bugs to <dm-crypt@saout.de>.
@@ -276,8 +203,6 @@ Report bugs to <dm-crypt@saout.de>.
Copyright \(co 2004 Christophe Saout
.br
Copyright \(co 2004-2006 Clemens Fruhwirth
.br
Copyright \(co 2009 Red Hat, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

9
po/ChangeLog Normal file
View File

@@ -0,0 +1,9 @@
2006-11-28 gettextize <bug-gnu-gettext@gnu.org>
* Makefile.in.in: Upgrade to gettext-0.15.
2006-09-26 gettextize <bug-gnu-gettext@gnu.org>
* Makefile.in.in: Upgrade to gettext-0.14.4.
* Rules-quot: Upgrade to gettext-0.14.4.

6
po/LINGUAS
View File

@@ -1,7 +1,3 @@
de
fr
id
it
nl
sv
vi

41
po/Makevars
View File

@@ -1,41 +0,0 @@
# Makefile variables for PO directory in any package using GNU gettext.
# Usually the message domain is the same as the package name.
DOMAIN = $(PACKAGE)
# These two variables depend on the location of this directory.
subdir = po
top_builddir = ..
# These options get passed to xgettext.
XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
# This is the copyright holder that gets inserted into the header of the
# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
# package. (Note that the msgstr strings, extracted from the package's
# sources, belong to the copyright holder of the package.) Translators are
# expected to transfer the copyright for their translations to this person
# or entity, or to disclaim their copyright. The empty string stands for
# the public domain; in this case the translators are expected to disclaim
# their copyright.
COPYRIGHT_HOLDER =
# This is the email address or URL to which the translators shall report
# bugs in the untranslated strings:
# - Strings which are not entire sentences, see the maintainer guidelines
# in the GNU gettext documentation, section 'Preparing Strings'.
# - Strings which use unclear terms or require additional context to be
# understood.
# - Strings which make invalid assumptions about notation of date, time or
# money.
# - Pluralisation problems.
# - Incorrect English spelling.
# - Incorrect formatting.
# It can be your email address, or a mailing list address where translators
# can write to without being subscribed, or the URL of a web page through
# which the translators can contact you.
MSGID_BUGS_ADDRESS = dm-crypt@saout.de
# This is the list of locale categories, beyond LC_MESSAGES, for which the
# message catalogs shall be used. It is usually empty.
EXTRA_LOCALE_CATEGORIES =

14
po/POTFILES.in
View File

@@ -1,9 +1,21 @@
# List of source files containing translatable strings.
# Please keep this file sorted alphabetically.
lib/backends.c
lib/gcrypt.c
lib/libdevmapper.c
lib/setup.c
lib/utils.c
luks/af.c
luks/hexprint.c
luks/keyencryption.c
luks/keymanage.c
luks/pbkdf.c
luks/random.c
lib/backends.c
lib/gcrypt.c
lib/libdevmapper.c
lib/setup.c
lib/utils.c
lib/utils_debug.c
luks/af.c
luks/hexprint.c
luks/keyencryption.c

298
po/cryptsetup-luks.pot Normal file
View File

@@ -0,0 +1,298 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-01-02 16:49+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
#: luks/keyencryption.c:61
#, c-format
msgid "Unable to obtain sector size for %s"
msgstr ""
#: luks/keyencryption.c:109
msgid "Failed to obtain device mapper directory."
msgstr ""
#: luks/keymanage.c:79 luks/keymanage.c:120 luks/keymanage.c:390
#, c-format
msgid "Can't open device: %s\n"
msgstr ""
#: luks/keymanage.c:86
#, c-format
msgid "%s is not a LUKS partition\n"
msgstr ""
#: luks/keymanage.c:89
msgid "unknown hash spec in phdr"
msgstr ""
#: luks/keymanage.c:92
#, c-format
msgid "unknown version %d\n"
msgstr ""
#: luks/keymanage.c:213
#, c-format
msgid "key %d active, purge first.\n"
msgstr ""
#: luks/keymanage.c:218
#, c-format
msgid ""
"key material section %d includes too few stripes. Header manipulation?\n"
msgstr ""
#: luks/keymanage.c:281
#, c-format
msgid "key %d is disabled.\n"
msgstr ""
#: luks/keymanage.c:427
#, c-format
msgid "Key %d not active. Can't wipe.\n"
msgstr ""
#: src/cryptsetup.c:56
msgid "<name> <device>"
msgstr ""
#: src/cryptsetup.c:56
msgid "create device"
msgstr ""
#: src/cryptsetup.c:57 src/cryptsetup.c:58 src/cryptsetup.c:59
#: src/cryptsetup.c:60 src/cryptsetup.c:67
msgid "<name>"
msgstr ""
#: src/cryptsetup.c:57
msgid "remove device"
msgstr ""
#: src/cryptsetup.c:58
msgid "modify active device"
msgstr ""
#: src/cryptsetup.c:59
msgid "resize active device"
msgstr ""
#: src/cryptsetup.c:60
msgid "show device status"
msgstr ""
#: src/cryptsetup.c:61 src/cryptsetup.c:64
msgid "<device> [<new key file>]"
msgstr ""
#: src/cryptsetup.c:61
msgid "formats a LUKS device"
msgstr ""
#: src/cryptsetup.c:62
msgid "<device> <name> "
msgstr ""
#: src/cryptsetup.c:62
msgid "open LUKS device as mapping <name>"
msgstr ""
#: src/cryptsetup.c:63
msgid "<device> <key slot>"
msgstr ""
#: src/cryptsetup.c:63
msgid "wipes key with number <key slot> from LUKS device"
msgstr ""
#: src/cryptsetup.c:64
msgid "add key to LUKS device"
msgstr ""
#: src/cryptsetup.c:65 src/cryptsetup.c:66 src/cryptsetup.c:68
msgid "<device>"
msgstr ""
#: src/cryptsetup.c:65
msgid "print UUID of LUKS device"
msgstr ""
#: src/cryptsetup.c:66
msgid "tests <device> for LUKS partition header"
msgstr ""
#: src/cryptsetup.c:67
msgid "remove LUKS mapping"
msgstr ""
#: src/cryptsetup.c:68
msgid "dump LUKS partition information"
msgstr ""
#: src/cryptsetup.c:77
#, c-format
msgid "Command successful.\n"
msgstr ""
#: src/cryptsetup.c:90
#, c-format
msgid "Command failed"
msgstr ""
#: src/cryptsetup.c:226
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr ""
#: src/cryptsetup.c:227
msgid "memory allocation error in action_luksFormat"
msgstr ""
#: src/cryptsetup.c:269
msgid ""
"This is the last keyslot. Device will become unusable after purging this key."
msgstr ""
#: src/cryptsetup.c:349
#, c-format
msgid ""
"\n"
"<action> is one of:\n"
msgstr ""
#: src/cryptsetup.c:355
#, c-format
msgid ""
"\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
"<key slot> is the LUKS key slot number to modify\n"
"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
#: src/cryptsetup.c:371
msgid "Show this help message"
msgstr ""
#: src/cryptsetup.c:372
msgid "Display brief usage"
msgstr ""
#: src/cryptsetup.c:376
msgid "Help options:"
msgstr ""
#: src/cryptsetup.c:377
msgid "Shows more detailed error messages"
msgstr ""
#: src/cryptsetup.c:378
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr ""
#: src/cryptsetup.c:379
msgid "The hash used to create the encryption key from the passphrase"
msgstr ""
#: src/cryptsetup.c:380
msgid "Verifies the passphrase by asking for it twice"
msgstr ""
#: src/cryptsetup.c:381
msgid "Read the key from a file (can be /dev/random)"
msgstr ""
#: src/cryptsetup.c:382
msgid "The size of the encryption key"
msgstr ""
#: src/cryptsetup.c:382
msgid "BITS"
msgstr ""
#: src/cryptsetup.c:383
msgid "The size of the device"
msgstr ""
#: src/cryptsetup.c:383 src/cryptsetup.c:384 src/cryptsetup.c:385
#: src/cryptsetup.c:393
msgid "SECTORS"
msgstr ""
#: src/cryptsetup.c:384
msgid "The start offset in the backend device"
msgstr ""
#: src/cryptsetup.c:385
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr ""
#: src/cryptsetup.c:386
msgid "Create a readonly mapping"
msgstr ""
#: src/cryptsetup.c:387
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr ""
#: src/cryptsetup.c:388
msgid "msecs"
msgstr ""
#: src/cryptsetup.c:389
msgid "Do not ask for confirmation"
msgstr ""
#: src/cryptsetup.c:390
msgid "Print package version"
msgstr ""
#: src/cryptsetup.c:391
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr ""
#: src/cryptsetup.c:391
msgid "secs"
msgstr ""
#: src/cryptsetup.c:392
msgid "How often the input of the passphrase can be retried"
msgstr ""
#: src/cryptsetup.c:393
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr ""
#: src/cryptsetup.c:409
msgid "[OPTION...] <action> <action-specific>]"
msgstr ""
#: src/cryptsetup.c:445
msgid "Key size must be a multiple of 8 bits"
msgstr ""
#: src/cryptsetup.c:449
msgid "Argument <action> missing."
msgstr ""
#: src/cryptsetup.c:455
msgid "Unknown action."
msgstr ""
#: src/cryptsetup.c:470
#, c-format
msgid "%s: requires %s as arguments"
msgstr ""

1112
po/de.po
View File

File diff suppressed because it is too large Load Diff

765
po/fr.po
View File

@@ -1,765 +0,0 @@
# Messages français pour cryptsetup.
# Copyright (C) 2009 Free Software Foundation, Inc.
# This file is put in the public domain.
# Solveig <perso@solveig.org>, 2009.
msgid ""
msgstr ""
"Project-Id-Version: cryptsetup 1.1.0-rc3\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
"POT-Creation-Date: 2009-11-26 14:13+0100\n"
"PO-Revision-Date: 2009-11-27 20:10+0100\n"
"Last-Translator: Solveig <perso@solveig.org>\n"
"Language-Team: French <traduc@traduc.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: lib/libdevmapper.c:48
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Impossible d'initialiser le « device-mapper ». Le module noyau dm_mod est-il chargé ?\n"
#: lib/libdevmapper.c:304
#, c-format
msgid "DM-UUID for device %s was truncated.\n"
msgstr "Le DM-UUID du périphérique %s a été tronqué.\n"
#: lib/setup.c:103
#, fuzzy, c-format
msgid "Cannot not read %d bytes from key file %s.\n"
msgstr "Échec à la lecture de %d octets du fichier contenant la clé.\n"
#: lib/setup.c:115
msgid "Key processing error.\n"
msgstr "Erreur de traitement de la clé.\n"
#: lib/setup.c:169
msgid "All key slots full.\n"
msgstr "Tous les emplacements de clés sont utilisés.\n"
#: lib/setup.c:176 lib/setup.c:304 lib/setup.c:778
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "L'emplacement de clé %d n'est pas valide, merci d'en choisir un entre 0 et %d.\n"
#: lib/setup.c:182
#, c-format
msgid "Key slot %d is full, please select another one.\n"
msgstr "L'emplacement de clé %d est utilisé, merci d'en sélectionner un autre.\n"
#: lib/setup.c:201
msgid "Enter any remaining LUKS passphrase: "
msgstr "Entrez une phrase de passe LUKS qui restera valide :"
#: lib/setup.c:222
#, c-format
msgid "Key slot %d verified.\n"
msgstr "L'emplacement de clé %d a été vérifié.\n"
#: lib/setup.c:257
#, c-format
msgid "Cannot get info about device %s.\n"
msgstr "Impossible d'obtenir des informations au sujet du périphérique %s.\n"
#: lib/setup.c:264
#, c-format
msgid "Device %s has zero size.\n"
msgstr "Le périphérique %s a une taille nulle.\n"
#: lib/setup.c:268
#, c-format
msgid "Device %s is too small.\n"
msgstr "Le périphérique %s est trop petit.\n"
#: lib/setup.c:293
msgid "Enter LUKS passphrase to be deleted: "
msgstr "Entrez la phrase de passe LUKS à effacer :"
#: lib/setup.c:299
#, c-format
msgid "key slot %d selected for deletion.\n"
msgstr "l'emplacement de clé %d est sélectionné pour la suppression.\n"
#: lib/setup.c:310
#, c-format
msgid "Key %d not active. Can't wipe.\n"
msgstr "La clé %d n'est pas active. Impossible de l'effacer.\n"
#: lib/setup.c:316
msgid ""
"This is the last keyslot. Device will become unusable after purging this key."
msgstr "Ceci est le dernier emplacement de clé. Le périphérique sera inutilisable après la suppression de cette clé."
#: lib/setup.c:364 lib/setup.c:1650 lib/setup.c:1703 lib/setup.c:1760
#, c-format
msgid "Device %s already exists.\n"
msgstr "Le périphérique %s existe déjà.\n"
#: lib/setup.c:369
#, c-format
msgid "Invalid key size %d.\n"
msgstr "%d n'est pas une taille de clé valide.\n"
#: lib/setup.c:471 lib/setup.c:1655
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Entrez la phrase de passe pour %s :"
#: lib/setup.c:600 lib/setup.c:628 lib/setup.c:1364 lib/setup.c:1711
msgid "Enter passphrase: "
msgstr "Entrez la phrase de passe :"
#: lib/setup.c:661 lib/setup.c:1040 lib/setup.c:1802
#, c-format
msgid "Device %s is not active.\n"
msgstr "Le périphérique %s n'est pas activé.\n"
#: lib/setup.c:770
msgid "No known cipher specification pattern detected.\n"
msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté.\n"
#: lib/setup.c:784
msgid "Enter LUKS passphrase: "
msgstr "Entrez la phrase de passe LUKS :"
#: lib/setup.c:1060
msgid "Invalid plain crypt parameters.\n"
msgstr "Paramètres de chiffrement non valides.\n"
#: lib/setup.c:1065
msgid "Invalid key size.\n"
msgstr "La taille de la clé n'est pas valide.\n"
#: lib/setup.c:1097
msgid "Can't format LUKS without device.\n"
msgstr "Impossible de formater en LUKS sans périphérique.\n"
#: lib/setup.c:1111
#, c-format
msgid "Can't wipe header on device %s.\n"
msgstr "Impossible d'effacer l'en-tête du périphérique %s.\n"
#: lib/setup.c:1153
#, c-format
msgid "Unkown crypt device type %s requesed.\n"
msgstr "Le type de chiffrement de périphérique demandé (%s) est inconnu.\n"
#: lib/setup.c:1186
msgid "Cannot initialize crypto backend.\n"
msgstr "Impossible d'initialiser le « backend » de chiffrement.\n"
#: lib/setup.c:1260
#, c-format
msgid "Volume %s is not active.\n"
msgstr "Le volume %s n'est pas actif.\n"
#: lib/setup.c:1273
#, c-format
msgid "Volume %s is already suspended.\n"
msgstr "Le volume %s est déjà en hibernation.\n"
#: lib/setup.c:1299 lib/setup.c:1346 lib/setup.c:1405 lib/setup.c:1483
#: lib/setup.c:1555 lib/setup.c:1600 lib/setup.c:1694 lib/setup.c:1751
#: lib/setup.c:1872 lib/setup.c:1955 lib/setup.c:2055
msgid "This operation is supported only for LUKS device.\n"
msgstr "Cette opération n'est possible que pour les périphériques LUKS.\n"
#: lib/setup.c:1310 lib/setup.c:1357
#, c-format
msgid "Volume %s is not suspended.\n"
msgstr "Le volume %s n'est pas en hibernation.\n"
#: lib/setup.c:1419 lib/setup.c:1497
msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Impossible d'ajouter un emplacement de clé, tous les emplacements sont désactivés et aucune clé n'a été fournie pour ce volume.\n"
#: lib/setup.c:1428 lib/setup.c:1503 lib/setup.c:1506
msgid "Enter any passphrase: "
msgstr "Entrez une phrase de passe :"
#: lib/setup.c:1447 lib/setup.c:1521 lib/setup.c:1525 lib/setup.c:1578
msgid "Enter new passphrase for key slot: "
msgstr "Entrez une nouvelle phrase de passe pour l'emplacement de clé :"
#: lib/setup.c:1569 lib/setup.c:1771 lib/setup.c:1883
msgid "Volume key does not match the volume.\n"
msgstr "Ceci n'est pas la clé du volume.\n"
#: lib/setup.c:1606
#, c-format
msgid "Key slot %d is invalid.\n"
msgstr "L'emplacement de clé %d n'est pas valide.\n"
#: lib/setup.c:1611
#, c-format
msgid "Key slot %d is not used.\n"
msgstr "L'emplacement de clé %d n'est pas utilisé.\n"
#: lib/setup.c:1798
#, c-format
msgid "Device %s is busy.\n"
msgstr "Le périphérique %s est occupé.\n"
#: lib/setup.c:1806
#, c-format
msgid "Invalid device %s.\n"
msgstr "Le périphérique %s n'est pas valide.\n"
#: lib/setup.c:1830
msgid "Volume key buffer too small.\n"
msgstr "Le tampon de la clé du volume est trop petit.\n"
#: lib/setup.c:1838
msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Impossible de récupérer la clé du volume pour les périphériques de type « plain ».\n"
#: lib/setup.c:1860
#, c-format
msgid "This operation is not supported for %s crypt device.\n"
msgstr "Cette opération n'est pas possible pour les périphériques chiffrés de type « %s ».\n"
#: lib/utils.c:521
#, c-format
msgid "Device %s doesn't exist or access denied.\n"
msgstr "Le périphérique %s n'existe pas, ou l'accès y est interdit.\n"
#: lib/utils.c:528
#, c-format
msgid "Cannot open device %s for %s%s access.\n"
msgstr "Impossible d'ouvrir le périphérique %s pour un accès %s%s.\n"
#: lib/utils.c:529
msgid "exclusive "
msgstr "exclusif "
#: lib/utils.c:530
msgid "writable"
msgstr "en écriture"
#: lib/utils.c:530
msgid "read-only"
msgstr "en lecture seule"
#: lib/utils.c:537
#, c-format
msgid "Cannot read device %s.\n"
msgstr "Impossible de lire le périphérique %s.\n"
#: lib/utils.c:567
#, c-format
msgid "Cannot open device: %s\n"
msgstr "Impossible d'ouvrir le périphérique : %s\n"
#: lib/utils.c:577
#, c-format
msgid "BLKROGET failed on device %s.\n"
msgstr "BLKROGET a échoué sur le périphérique %s.\n"
#: lib/utils.c:602
#, c-format
msgid "BLKGETSIZE failed on device %s.\n"
msgstr "BLKGETSIZE a échoué sur le périphérique %s.\n"
#: lib/utils.c:650
msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
msgstr "ATTENTION !!! La mémoire n'est peut-être pas sécurisée. Êtes-vous super-utilisateur ?\n"
#: lib/utils.c:656
msgid "Cannot get process priority.\n"
msgstr "Impossible d'obtenir la priorité du processus.\n"
#: lib/utils.c:659 lib/utils.c:672
#, c-format
msgid "setpriority %u failed: %s"
msgstr "la priorité n'a pu être définie à %u avec « setpriority » : %s"
#: lib/utils.c:670
msgid "Cannot unlock memory."
msgstr "Impossible de débloquer la mémoire."
#: luks/keyencryption.c:68
#, c-format
msgid "Unable to obtain sector size for %s"
msgstr "Impossible d'obtenir la taille de secteur de %s"
#: luks/keyencryption.c:137
msgid "Failed to obtain device mapper directory."
msgstr "Impossible d'obtenir l'annuaire du device mapper."
#: luks/keyencryption.c:153
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n"
"%s"
msgstr ""
"Impossible de configurer la clé dm-crypt pour le périphérique %s.\n"
"Vérifiez que votre noyau supporte le chiffrement %s (pour davantage d'informations, regardez dans les journaux du système).\n"
"%s"
#: luks/keyencryption.c:163
msgid "Failed to open temporary keystore device.\n"
msgstr "Échec lors de l'ouverture du périphérique de stockage temporaire de clé.\n"
#: luks/keyencryption.c:170
msgid "Failed to access temporary keystore device.\n"
msgstr "Impossible d'accéder au périphérique de stockage temporaire de clé.\n"
#: luks/keymanage.c:91
#, c-format
msgid "Requested file %s already exist.\n"
msgstr "Le fichier demandé (%s) existe déjà.\n"
#: luks/keymanage.c:111
#, c-format
msgid "Device %s is not LUKS device.\n"
msgstr "%s n'est pas un périphérique LUKS.\n"
#: luks/keymanage.c:131
#, c-format
msgid "Cannot write header backup file %s.\n"
msgstr "Impossible d'écrire le fichier de sauvegarde d'en-tête %s.\n"
#: luks/keymanage.c:158
#, c-format
msgid "Backup file %s doesn't exist.\n"
msgstr "Le fichier de sauvegarde %s n'existe pas.\n"
#: luks/keymanage.c:166
msgid "Backup file do not contain valid LUKS header.\n"
msgstr "Le fichier de sauvegarde ne contient pas d'en-tête LUKS valide.\n"
#: luks/keymanage.c:179
#, c-format
msgid "Cannot open header backup file %s.\n"
msgstr "Impossible d'ouvrir le fichier de sauvegarde d'en-tête %s.\n"
#: luks/keymanage.c:185
#, c-format
msgid "Cannot read header backup file %s.\n"
msgstr "Impossible de lire le fichier de sauvegarde d'en-tête %s.\n"
#: luks/keymanage.c:196
msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "Il y a une incohérence entre le périphérique et la sauvegarde, au niveau du décalage des données (« offset ») ou de la taille de la clé. La restauration a échoué.\n"
#: luks/keymanage.c:204
#, c-format
msgid "Device %s %s%s"
msgstr "Périphérique %s %s%s"
#: luks/keymanage.c:205
msgid ""
"does not contain LUKS header. Replacing header can destroy data on that "
"device."
msgstr "ne contient pas d'en-tête LUKS. Remplacer l'en-tête peut détruire les données de ce périphérique."
#: luks/keymanage.c:206
msgid ""
"already contains LUKS header. Replacing header will destroy existing "
"keyslots."
msgstr "contient déjà un en-tête LUKS. Remplacer l'en-tête détruira les emplacements de clés actuels."
#: luks/keymanage.c:207
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
msgstr "\nATTENTION : l'en-tête du périphérique a un UUID différent de celui de la sauvegarde !"
#: luks/keymanage.c:222 luks/keymanage.c:319 luks/keymanage.c:354
#, c-format
msgid "Cannot open device %s.\n"
msgstr "Impossible d'ouvrir le périphérique %s.\n"
#: luks/keymanage.c:254
#, c-format
msgid "%s is not LUKS device.\n"
msgstr "%s n'est pas un périphérique LUKS.\n"
#: luks/keymanage.c:256
#, c-format
msgid "%s is not LUKS device."
msgstr "%s n'est pas un périphérique LUKS."
#: luks/keymanage.c:259
#, c-format
msgid "Unsupported LUKS version %d.\n"
msgstr "La version %d de LUKS n'est pas supportée.\n"
#: luks/keymanage.c:262
#, c-format
msgid "Requested LUKS hash %s is not supported.\n"
msgstr "L'algorithme de hachage LUKS demandé (%s) n'est pas supporté.\n"
#: luks/keymanage.c:293
#, c-format
msgid "Cannot open file %s.\n"
msgstr "Impossible d'ouvrir le fichier %s.\n"
#: luks/keymanage.c:331
#, c-format
msgid "LUKS header detected but device %s is too small.\n"
msgstr "En-tête LUKs détecté mais le périphérique %s est trop petit.\n"
#: luks/keymanage.c:375
#, c-format
msgid "Error during update of LUKS header on device %s.\n"
msgstr "Erreur lors de la mise à jour de l'en-tête LUKS sur le périphérique %s.\n"
#: luks/keymanage.c:382
#, c-format
msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Erreur lors de la relecture de l'en-tête LUKS après la mise à jour sur le périphérique %s.\n"
#: luks/keymanage.c:422
msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "Impossible de créer un en-tête LUKS : échec lors de la lecture de l'aléa.\n"
#: luks/keymanage.c:433
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "Impossible de créer un en-tête LUKS : le résumé (« digest ») de l'en-tête a échoué (en utilisant l'algorithme de hachage %s).\n"
#: luks/keymanage.c:450
msgid "Wrong UUID format provided, generating new one.\n"
msgstr "Le format d'UUID fourni est incorrect, un nouvel UUID sera généré.\n"
#: luks/keymanage.c:475
#, c-format
msgid "Key slot %d active, purge first.\n"
msgstr "L'emplacement de clé %d est activé, effacez-le d'abord.\n"
#: luks/keymanage.c:480
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Le matériel de clé contenu à l'emplacement %d a trop peu de « stripes ». L'en-tête a-t-il été modifié ?\n"
#: luks/keymanage.c:489
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Les options PBKDF2 ne sont pas compatibles (en utilisant l'algorithme de hachage %s)."
#: luks/keymanage.c:536
msgid "Failed to write to key storage.\n"
msgstr "Échec lors de l'écriture à l'emplacement de stockage de la clé.\n"
#: luks/keymanage.c:613
msgid "Failed to read from key storage.\n"
msgstr "Échec lors de la lecture depuis l'emplacement de stockage de la clé.\n"
#: luks/keymanage.c:622
#, c-format
msgid "Key slot %d unlocked.\n"
msgstr "L'emplacement de clé %d a été débloqué.\n"
#: luks/keymanage.c:655
msgid "No key available with this passphrase.\n"
msgstr "Aucune clé n'est disponible avec cette phrase de passe.\n"
#: luks/keymanage.c:732
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "L'emplacement de clé %d n'est pas valide, merci de sélectionner un emplacement entre 0 et %d.\n"
#: luks/keymanage.c:744
#, c-format
msgid "Cannot wipe device %s.\n"
msgstr "Impossible d'effacer de façon sécurisée le périphérique %s.\n"
#: src/cryptsetup.c:71 src/cryptsetup.c:89
msgid "<name> <device>"
msgstr "<nom> <périphérique>"
#: src/cryptsetup.c:71
msgid "create device"
msgstr "créer un périphérique"
#: src/cryptsetup.c:72 src/cryptsetup.c:73 src/cryptsetup.c:74
#: src/cryptsetup.c:82
msgid "<name>"
msgstr "<nom>"
#: src/cryptsetup.c:72
msgid "remove device"
msgstr "retirer le périphérique"
#: src/cryptsetup.c:73
msgid "resize active device"
msgstr "redimensionner le périphérique actif"
#: src/cryptsetup.c:74
msgid "show device status"
msgstr "afficher le statut du périphérique"
#: src/cryptsetup.c:75 src/cryptsetup.c:77
msgid "<device> [<new key file>]"
msgstr "<périphérique> [<fichier de la nouvelle clé>]"
#: src/cryptsetup.c:75
msgid "formats a LUKS device"
msgstr "formate un périphérique LUKS"
#: src/cryptsetup.c:76
msgid "<device> <name> "
msgstr "<périphérique> <nom> "
#: src/cryptsetup.c:76
msgid "open LUKS device as mapping <name>"
msgstr "ouvrir un périphérique LUKS avec <nom> comme « mapping »"
#: src/cryptsetup.c:77
msgid "add key to LUKS device"
msgstr "ajouter une clé au périphérique LUKS"
#: src/cryptsetup.c:78
msgid "<device> [<key file>]"
msgstr "<périphérique> [<fichier de clé>]"
#: src/cryptsetup.c:78
msgid "removes supplied key or key file from LUKS device"
msgstr "retire du périphérique LUKS la clé ou le fichier de clé fourni"
#: src/cryptsetup.c:79 src/cryptsetup.c:88
msgid "<device> <key slot>"
msgstr "<périphérique> <emplacement de clé>"
#: src/cryptsetup.c:79
msgid "wipes key with number <key slot> from LUKS device"
msgstr "efface de façon sécurisée la clé avec le numéro <emplacement de clé> du périphérique LUKS"
#: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
#: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
#: src/cryptsetup.c:87
msgid "<device>"
msgstr "<périphérique>"
#: src/cryptsetup.c:80
msgid "print UUID of LUKS device"
msgstr "afficher l'UUID du périphérique LUKS"
#: src/cryptsetup.c:81
msgid "tests <device> for LUKS partition header"
msgstr "teste si <périphérique> a un en-tête de partition LUKS"
#: src/cryptsetup.c:82
msgid "remove LUKS mapping"
msgstr "retirer le « mapping » LUKS"
#: src/cryptsetup.c:83
msgid "dump LUKS partition information"
msgstr "afficher les informations LUKS de la partition"
#: src/cryptsetup.c:84
msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
msgstr "Mettre le périphérique LUKS en hibernation et effacer de façon sécurisée la clé (toutes les entrées/sorties sont suspendues)."
#: src/cryptsetup.c:85
msgid "Resume suspended LUKS device."
msgstr "Réveiller le périphérique LUKS de son hibernation."
#: src/cryptsetup.c:86
msgid "Backup LUKS device header and keyslots"
msgstr "Sauvegarder l'en-tête et les emplacements de clés du périphérique LUKS"
#: src/cryptsetup.c:87
msgid "Restore LUKS device header and keyslots"
msgstr "Restaurer l'en-tête et les emplacements de clés du périphérique LUKS"
#: src/cryptsetup.c:88
msgid "identical to luksKillSlot - DEPRECATED - see man page"
msgstr "identique à luksKillSlot - OBSOLÈTE - voir la page de man"
#: src/cryptsetup.c:89
msgid "modify active device - DEPRECATED - see man page"
msgstr "modifier le périphérique actif - OBSOLÈTE - voir la page de man"
#: src/cryptsetup.c:180
msgid "Command successful.\n"
msgstr "Opération réussie.\n"
#: src/cryptsetup.c:194
#, c-format
msgid "Command failed with code %i"
msgstr "L'opération a échoué, code %i"
#: src/cryptsetup.c:222
msgid ""
"The reload action is deprecated. Please use \"dmsetup reload\" in case you "
"really need this functionality.\n"
"WARNING: do not use reload to touch LUKS devices. If that is the case, hit "
"Ctrl-C now.\n"
msgstr ""
"L'action « reload » est obsolète. Merci d'utiliser « dmsetup reload » si vous avez vraiment besoin de cette fonctionnalité.\n"
"ATTENTION : n'utilisez pas « reload » sur des périphériques LUKS. Si c'est le cas, tapez Ctrl-C.\n"
#: src/cryptsetup.c:390
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Cette action écrasera définitivement les données sur %s."
#: src/cryptsetup.c:391
msgid "memory allocation error in action_luksFormat"
msgstr "erreur d'allocation de mémoire dans action_luksFormat"
#: src/cryptsetup.c:421
msgid "Obsolete option --non-exclusive is ignored.\n"
msgstr "L'option obsolète --non-exclusive est ignorée.\n"
#: src/cryptsetup.c:581 src/cryptsetup.c:603
msgid "Option --header-backup-file is required.\n"
msgstr "L'option --header-backup-file est requise.\n"
#: src/cryptsetup.c:637
msgid ""
"\n"
"<action> is one of:\n"
msgstr "\n<action> est l'une de :\n"
#: src/cryptsetup.c:643
#, c-format
msgid ""
"\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
"<key slot> is the LUKS key slot number to modify\n"
"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
"\n"
"<nom> est le périphérique à créer dans %s\n"
"<périphérique> est le périphérique chiffré\n"
"<emplacement> est le numéro de l'emplacement de clé LUKS à modifier\n"
"<fichier de clé> est un fichier optionnel contenant la nouvelle clé pour l'action luksAddKey\n"
#: src/cryptsetup.c:691
msgid "Show this help message"
msgstr "Afficher ce message d'aide"
#: src/cryptsetup.c:692
msgid "Display brief usage"
msgstr "Afficher, en résumé, la syntaxe d'invocation"
#: src/cryptsetup.c:696
msgid "Help options:"
msgstr "Options d'aide :"
#: src/cryptsetup.c:697
msgid "Shows more detailed error messages"
msgstr "Affiche des messages d'erreur plus détaillés"
#: src/cryptsetup.c:698
msgid "Show debug messages"
msgstr "Afficher les messages de débogage"
#: src/cryptsetup.c:699
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "L'algorithme (« cipher ») utilisé pour chiffrer le disque (voir /proc/crypto)"
#: src/cryptsetup.c:700
msgid "The hash used to create the encryption key from the passphrase"
msgstr "L'algorithme de hachage utilisé pour créer la clé de chiffrement à partir de la phrase de passe"
#: src/cryptsetup.c:701
msgid "Verifies the passphrase by asking for it twice"
msgstr "Vérifie la phrase de passe en la demandant deux fois"
#: src/cryptsetup.c:702
msgid "Read the key from a file (can be /dev/random)"
msgstr "Lit la clé depuis un fichier (qui peut être /dev/random)"
#: src/cryptsetup.c:703
msgid "Read the volume (master) key from file."
msgstr "Lit la clé (maîtresse) du volume depuis un fichier."
#: src/cryptsetup.c:704
msgid "The size of the encryption key"
msgstr "La taille de la clé de chiffrement"
#: src/cryptsetup.c:704
msgid "BITS"
msgstr "BITS"
#: src/cryptsetup.c:705
msgid "Slot number for new key (default is first free)"
msgstr "Numéro de l'emplacement pour la nouvelle clé (par défaut, le premier disponible)"
#: src/cryptsetup.c:706
msgid "The size of the device"
msgstr "La taille du périphérique"
#: src/cryptsetup.c:706 src/cryptsetup.c:707 src/cryptsetup.c:708
#: src/cryptsetup.c:716
msgid "SECTORS"
msgstr "SECTEURS"
#: src/cryptsetup.c:707
msgid "The start offset in the backend device"
msgstr "Le décalage à partir du début du périphérique sous-jacent"
#: src/cryptsetup.c:708
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Combien de secteurs de données chiffrées sauter au début"
#: src/cryptsetup.c:709
msgid "Create a readonly mapping"
msgstr "Créer un « mapping » en lecture seule"
#: src/cryptsetup.c:710
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "Temps d'itération de PBKDF2 pour LUKS (en ms)"
#: src/cryptsetup.c:711
msgid "msecs"
msgstr "msecs"
#: src/cryptsetup.c:712
msgid "Do not ask for confirmation"
msgstr "Ne pas demander confirmation"
#: src/cryptsetup.c:713
msgid "Print package version"
msgstr "Afficher la version du paquet"
#: src/cryptsetup.c:714
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Délai d'expiration de la demande interactive de phrase de passe (en secondes)"
#: src/cryptsetup.c:714
msgid "secs"
msgstr "secs"
#: src/cryptsetup.c:715
msgid "How often the input of the passphrase canbe retried"
msgstr "Nombre de tentatives possibles pour entrer la phrase de passe"
#: src/cryptsetup.c:716
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Utiliser une limite de <n> secteurs pour aligner les données - pour luksFormat"
#: src/cryptsetup.c:717
msgid "(Obsoleted, see man page.)"
msgstr "(Obsolète, voir la page de man)."
#: src/cryptsetup.c:718
msgid "File with LUKS header and keyslots backup."
msgstr "Fichier contenant une sauvegarde de l'en-tête LUKS et des emplacements de clés."
#: src/cryptsetup.c:736
msgid "[OPTION...] <action> <action-specific>]"
msgstr "[OPTION...] <action> <paramètres de l'action>]"
#: src/cryptsetup.c:772
msgid "Key size must be a multiple of 8 bits"
msgstr "La taille de la clé doit être un multiple de 8 bits"
#: src/cryptsetup.c:776
msgid "Argument <action> missing."
msgstr "Il manque l'argument <action>."
#: src/cryptsetup.c:782
msgid "Unknown action."
msgstr "Action inconnue."
#: src/cryptsetup.c:797
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s : les arguments %s sont requis."

814
po/id.po
View File

@@ -1,814 +0,0 @@
# Pesan bahasa Indonesia untuk cryptsetup.
# Copyright (C) 2009 Free Software Foundation, Inc.
# This file is put in the public domain.
# Arif E. Nugroho <arif_endro@yahoo.com>, 2009, 2010.
#
msgid ""
msgstr ""
"Project-Id-Version: cryptsetup 1.1.0-rc4\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
"POT-Creation-Date: 2009-12-30 20:09+0100\n"
"PO-Revision-Date: 2010-01-27 07:30+0700\n"
"Last-Translator: Arif E. Nugroho <arif_endro@yahoo.com>\n"
"Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=ISO-8859-1\n"
"Content-Transfer-Encoding: 8bit\n"
#: lib/libdevmapper.c:48
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Tidak dapat menginisialisasi pemeta-perangkat. Apakah kernel modul dm_mod telah dimuat?\n"
#: lib/libdevmapper.c:304
#, c-format
msgid "DM-UUID for device %s was truncated.\n"
msgstr "DM-UUID untuk perangkat %s telah terpotong.\n"
#: lib/setup.c:103
#, c-format
msgid "Cannot not read %d bytes from key file %s.\n"
msgstr "Tidak dapat membaca %d bytes dari berkas kunci %s.\n"
#: lib/setup.c:115
msgid "Key processing error.\n"
msgstr "Terjadi kesalahan dalam pengolahan kunci.\n"
#: lib/setup.c:169
msgid "All key slots full.\n"
msgstr "Semua slot kunci telah penuh.\n"
#: lib/setup.c:176 lib/setup.c:304 lib/setup.c:778
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "Slot kunci %d tidak valid, mohon pilih diantara 0 dan %d.\n"
#: lib/setup.c:182
#, c-format
msgid "Key slot %d is full, please select another one.\n"
msgstr "Slot kunci %d penuh, mohon pilih yang lain.\n"
#: lib/setup.c:201
msgid "Enter any remaining LUKS passphrase: "
msgstr "Masukan kata sandi LUKS yang tersisa: "
#: lib/setup.c:222
#, c-format
msgid "Key slot %d verified.\n"
msgstr "Slot kunci %d telah terverifikasi.\n"
#: lib/setup.c:257
#, c-format
msgid "Cannot get info about device %s.\n"
msgstr "Tidak dapat mendapatkan informasi mengenai perangkat %s.\n"
#: lib/setup.c:264
#, c-format
msgid "Device %s has zero size.\n"
msgstr "Perangkat %s memiliki ukuran nol.\n"
#: lib/setup.c:268
#, c-format
msgid "Device %s is too small.\n"
msgstr "Perangkat %s terlalu kecil.\n"
#: lib/setup.c:293
msgid "Enter LUKS passphrase to be deleted: "
msgstr "Masukan kata sandi LUKS yang akan dihapus: "
#: lib/setup.c:299
#, c-format
msgid "key slot %d selected for deletion.\n"
msgstr "slot kunci %d terpilih untuk penghapusan.\n"
#: lib/setup.c:310
#, c-format
msgid "Key %d not active. Can't wipe.\n"
msgstr "Kunci %d tidak aktif. Tidak dapat menghapus.\n"
#: lib/setup.c:316
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil setelah menghapus kunci ini."
#: lib/setup.c:364 lib/setup.c:1651 lib/setup.c:1704 lib/setup.c:1761
#, c-format
msgid "Device %s already exists.\n"
msgstr "Perangkat %s telah ada.\n"
#: lib/setup.c:369
#, c-format
msgid "Invalid key size %d.\n"
msgstr "Besar kunci %d tidak valid.\n"
#: lib/setup.c:471 lib/setup.c:1656
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Masukan kata sandi untuk %s: "
#: lib/setup.c:600 lib/setup.c:628 lib/setup.c:1365 lib/setup.c:1712
msgid "Enter passphrase: "
msgstr "Masukan kata sandi: "
#: lib/setup.c:661 lib/setup.c:1040 lib/setup.c:1803
#, c-format
msgid "Device %s is not active.\n"
msgstr "Perangkat %s tidak aktif.\n"
#: lib/setup.c:770
msgid "No known cipher specification pattern detected.\n"
msgstr "Tidak ada pola spesifikasi cipher yang dikenal terdeteksi.\n"
#: lib/setup.c:784
msgid "Enter LUKS passphrase: "
msgstr "Masukan kata sandi LUKS: "
#: lib/setup.c:1060
msgid "Invalid plain crypt parameters.\n"
msgstr "Parameter crypt tidak valid.\n"
#: lib/setup.c:1065
msgid "Invalid key size.\n"
msgstr "Ukuran kunci tidak valid.\n"
#: lib/setup.c:1097
msgid "Can't format LUKS without device.\n"
msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n"
#: lib/setup.c:1112
#, c-format
msgid "Can't wipe header on device %s.\n"
msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
#: lib/setup.c:1154
#, c-format
msgid "Unknown crypt device type %s requested.\n"
msgstr "Tipe perangkat sandi %s yang diminta tidak diketahui.\n"
#: lib/setup.c:1187
msgid "Cannot initialize crypto backend.\n"
msgstr "Tidak dapat menginisialisasi backend crypto.\n"
#: lib/setup.c:1261
#, c-format
msgid "Volume %s is not active.\n"
msgstr "Volume %s tidak aktif.\n"
#: lib/setup.c:1274
#, c-format
msgid "Volume %s is already suspended.\n"
msgstr "Volume %s telah disuspend.\n"
#: lib/setup.c:1300 lib/setup.c:1347 lib/setup.c:1406 lib/setup.c:1484
#: lib/setup.c:1556 lib/setup.c:1601 lib/setup.c:1695 lib/setup.c:1752
#: lib/setup.c:1873 lib/setup.c:1956 lib/setup.c:2056
msgid "This operation is supported only for LUKS device.\n"
msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
#: lib/setup.c:1311 lib/setup.c:1358
#, c-format
msgid "Volume %s is not suspended.\n"
msgstr "Volume %s tidak disuspend.\n"
#: lib/setup.c:1420 lib/setup.c:1498
msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Tidak dapat menambahkan slot kunci, seluruh slot tidak aktif dan tidak ada volume kunci yang disediakan.\n"
#: lib/setup.c:1429 lib/setup.c:1504 lib/setup.c:1507
msgid "Enter any passphrase: "
msgstr "Masukan kata sandi: "
#: lib/setup.c:1448 lib/setup.c:1522 lib/setup.c:1526 lib/setup.c:1579
msgid "Enter new passphrase for key slot: "
msgstr "Masukan kasa sandi baru untuk slot kunci: "
#: lib/setup.c:1570 lib/setup.c:1772 lib/setup.c:1884
msgid "Volume key does not match the volume.\n"
msgstr "Kunci volume tidak cocok dengan volume.\n"
#: lib/setup.c:1607
#, c-format
msgid "Key slot %d is invalid.\n"
msgstr "Slot kunci %d tidak valid.\n"
#: lib/setup.c:1612
#, c-format
msgid "Key slot %d is not used.\n"
msgstr "Slot kunci %d tidak digunakan.\n"
#: lib/setup.c:1799
#, c-format
msgid "Device %s is busy.\n"
msgstr "Perangkat %s sibuk.\n"
#: lib/setup.c:1807
#, c-format
msgid "Invalid device %s.\n"
msgstr "Perangkat %s tidak valid.\n"
#: lib/setup.c:1831
msgid "Volume key buffer too small.\n"
msgstr "Penyangga kunci volume terlalu kecil.\n"
#: lib/setup.c:1839
msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n"
#: lib/setup.c:1861
#, c-format
msgid "This operation is not supported for %s crypt device.\n"
msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
#: lib/utils.c:416
#, c-format
msgid "Failed to open key file %s.\n"
msgstr "Gagal membuka berkas kunci %s.\n"
#: lib/utils.c:436
msgid "Error reading passphrase from terminal.\n"
msgstr "Kesalahan dalam pembacaan kata sandi dari terminal.\n"
#: lib/utils.c:441
msgid "Verify passphrase: "
msgstr "Memverifikasi kata sandi: "
#: lib/utils.c:443
msgid "Passphrases do not match.\n"
msgstr "Kata sandi tidak cocok.\n"
#: lib/utils.c:458
msgid "Can't do passphrase verification on non-tty inputs.\n"
msgstr "Tidak dapat melakukan verifikasi kata sandi di masukan bukan tty.\n"
#: lib/utils.c:471
#, c-format
msgid "Failed to stat key file %s.\n"
msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
#: lib/utils.c:475
#, c-format
msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
msgstr "Peringatan: pembacaan yang melelahkan diminta, tetapi berkas kunci %s bukan sebuah berkas biasa, fungsi mungkin tidak pernah kembali.\n"
#: lib/utils.c:487
msgid "Out of memory while reading passphrase.\n"
msgstr "Kehabisan memori ketika membaca kata sandi.\n"
#: lib/utils.c:494
msgid "Error reading passphrase.\n"
msgstr "Kesalahan dalam pembacaan kata sandi.\n"
#: lib/utils.c:531
#, c-format
msgid "Device %s doesn't exist or access denied.\n"
msgstr "Perangkat %s tidak ada atau akses ditolak.\n"
#: lib/utils.c:538
#, c-format
msgid "Cannot open device %s for %s%s access.\n"
msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n"
#: lib/utils.c:539
msgid "exclusive "
msgstr "ekslusif "
#: lib/utils.c:540
msgid "writable"
msgstr "dapat-ditulis"
#: lib/utils.c:540
msgid "read-only"
msgstr "baca-saja"
#: lib/utils.c:547
#, c-format
msgid "Cannot read device %s.\n"
msgstr "Tidak dapat membaca perangkat %s.\n"
#: lib/utils.c:577
#, c-format
msgid "Cannot open device: %s\n"
msgstr "Tidak dapat membuka perangkat: %s\n"
#: lib/utils.c:587
#, c-format
msgid "BLKROGET failed on device %s.\n"
msgstr "BLKROGET gagal di perangkat %s.\n"
#: lib/utils.c:612
#, c-format
msgid "BLKGETSIZE failed on device %s.\n"
msgstr "BLKGETSIZE gagal di perangkat %s.\n"
#: lib/utils.c:660
msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
msgstr "PERINGATAN!!! Kemungkinan menggunakan memori tidak aman. Apakah anda root?\n"
#: lib/utils.c:666
msgid "Cannot get process priority.\n"
msgstr "Tidak dapat mendapatkan prioritas proses.\n"
#: lib/utils.c:669 lib/utils.c:682
#, c-format
msgid "setpriority %u failed: %s"
msgstr "setpriority %u gagal: %s"
#: lib/utils.c:680
msgid "Cannot unlock memory."
msgstr "Tidak dapat membuka kunci memori."
#: luks/keyencryption.c:68
#, c-format
msgid "Unable to obtain sector size for %s"
msgstr "Tidak dapat mendapatkan ukuran sektor untuk %s"
#: luks/keyencryption.c:137
msgid "Failed to obtain device mapper directory."
msgstr "Gagal untuk memperoleh direktori pemeta-perangkat."
#: luks/keyencryption.c:153
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n"
"%s"
msgstr ""
"Gagal untuk mengkonfigurasi pemetaan kunci dm-crypt untuk perangkat %s.\n"
"Periksa apakah kernel mendukung cipher %s (periksa syslog untuk informasi lebih lanjut).\n"
"%s"
#: luks/keyencryption.c:163
msgid "Failed to open temporary keystore device.\n"
msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n"
#: luks/keyencryption.c:170
msgid "Failed to access temporary keystore device.\n"
msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n"
#: luks/keymanage.c:91
#, c-format
msgid "Requested file %s already exist.\n"
msgstr "Berkas %s yang diminta telah ada.\n"
#: luks/keymanage.c:111
#, c-format
msgid "Device %s is not LUKS device.\n"
msgstr "Perangkat %s bukan perangkat LUKS.\n"
#: luks/keymanage.c:131
#, c-format
msgid "Cannot write header backup file %s.\n"
msgstr "Tidak dapat menulis berkas cadangan header %s.\n"
#: luks/keymanage.c:158
#, c-format
msgid "Backup file %s doesn't exist.\n"
msgstr "Berkas cadangan %s tidak ada.\n"
#: luks/keymanage.c:166
msgid "Backup file do not contain valid LUKS header.\n"
msgstr "Berkas cadangan tidak berisi header LUKS yang valid.\n"
#: luks/keymanage.c:179
#, c-format
msgid "Cannot open header backup file %s.\n"
msgstr "Tidak dapat membuka berkas cadangan header %s.\n"
#: luks/keymanage.c:185
#, c-format
msgid "Cannot read header backup file %s.\n"
msgstr "Tidak dapat membaca berkas cadangan header %s.\n"
#: luks/keymanage.c:196
msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n"
#: luks/keymanage.c:204
#, c-format
msgid "Device %s %s%s"
msgstr "Perangkat %s %s%s"
#: luks/keymanage.c:205
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "tidak berisi header LUKS. Mengganti header dapat menghancurkan data di perangkat itu."
#: luks/keymanage.c:206
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "telah berisi header LUKS. Mengganti header dapat mengganti slot kunci yang telah ada."
#: luks/keymanage.c:207
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
msgstr ""
"\n"
"PERINGATAN: header perangkat ril memiliki UUID berbeda dengan cadangan!"
#: luks/keymanage.c:222 luks/keymanage.c:319 luks/keymanage.c:354
#, c-format
msgid "Cannot open device %s.\n"
msgstr "Tidak dapat membuka perangkat %s.\n"
#: luks/keymanage.c:254
#, c-format
msgid "%s is not LUKS device.\n"
msgstr "%s bukan perangkat LUKS.\n"
#: luks/keymanage.c:256
#, c-format
msgid "%s is not LUKS device."
msgstr "%s bukan perangkat LUKS."
#: luks/keymanage.c:259
#, c-format
msgid "Unsupported LUKS version %d.\n"
msgstr "versi LUKS %d tidak didukung.\n"
#: luks/keymanage.c:262
#, c-format
msgid "Requested LUKS hash %s is not supported.\n"
msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
#: luks/keymanage.c:293
#, c-format
msgid "Cannot open file %s.\n"
msgstr "Tidak dapat membuka berkas %s.\n"
#: luks/keymanage.c:331
#, c-format
msgid "LUKS header detected but device %s is too small.\n"
msgstr "Header LUKS terdeteksi tetapi perangkat %s terlalu kecil.\n"
#: luks/keymanage.c:375
#, c-format
msgid "Error during update of LUKS header on device %s.\n"
msgstr "Error selama memperbarui header LUKS di perangkat %s.\n"
#: luks/keymanage.c:382
#, c-format
msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Error membaca-kembali header LUKS setelah memperbarui di perangkat %s.\n"
#: luks/keymanage.c:394
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Pilihan PBKDF2 tidak kompatibel (menggunakan algoritma hash %s)."
#: luks/keymanage.c:439
msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "Tidak dapat membuat header LUKS: pembacaan garam acak gagal.\n"
#: luks/keymanage.c:456
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "Tidak dapat membuat header LUKS: digest header gagal (menggunakan hash %s).\n"
#: luks/keymanage.c:473
msgid "Wrong UUID format provided, generating new one.\n"
msgstr "Format UUID yang disediakan berbeda, membuat yang baru.\n"
#: luks/keymanage.c:500
#, c-format
msgid "Key slot %d active, purge first.\n"
msgstr "Slot kunci %d aktif, hapus terlebih dahulu.\n"
#: luks/keymanage.c:505
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Slot kunci %d material terdapat terlalu sedikit stripes. Manipulasi header?\n"
#: luks/keymanage.c:564
msgid "Failed to write to key storage.\n"
msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
#: luks/keymanage.c:641
msgid "Failed to read from key storage.\n"
msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
#: luks/keymanage.c:650
#, c-format
msgid "Key slot %d unlocked.\n"
msgstr "Slot kunci %d tidak terkunci.\n"
#: luks/keymanage.c:683
msgid "No key available with this passphrase.\n"
msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n"
#: luks/keymanage.c:760
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "Slot kunci %d tidak valid, mohon pilih slot kunci diantara 0 dan %d.\n"
#: luks/keymanage.c:772
#, c-format
msgid "Cannot wipe device %s.\n"
msgstr "Tidak dapat menghapus perangkat %s.\n"
#: src/cryptsetup.c:71 src/cryptsetup.c:89
msgid "<name> <device>"
msgstr "<nama> <perangkat>"
#: src/cryptsetup.c:71
msgid "create device"
msgstr "buat perangkat"
#: src/cryptsetup.c:72 src/cryptsetup.c:73 src/cryptsetup.c:74
#: src/cryptsetup.c:82
msgid "<name>"
msgstr "<nama>"
#: src/cryptsetup.c:72
msgid "remove device"
msgstr "hapus perangkat"
#: src/cryptsetup.c:73
msgid "resize active device"
msgstr "ubah ukuran perangkat aktif"
#: src/cryptsetup.c:74
msgid "show device status"
msgstr "tampilkan status perangkat"
#: src/cryptsetup.c:75 src/cryptsetup.c:77
msgid "<device> [<new key file>]"
msgstr "<perangkat> [<berkas kunci baru>]"
#: src/cryptsetup.c:75
msgid "formats a LUKS device"
msgstr "format sebuah perangkat LUKS"
#: src/cryptsetup.c:76
msgid "<device> <name> "
msgstr "<perangkat> <nama>"
#: src/cryptsetup.c:76
msgid "open LUKS device as mapping <name>"
msgstr "buka perangkat LUKS sebagai pemetaan <nama>"
#: src/cryptsetup.c:77
msgid "add key to LUKS device"
msgstr "tambahkan kunci ke perangkat LUKS"
#: src/cryptsetup.c:78
msgid "<device> [<key file>]"
msgstr "<perangkat> [<berkas kunci>]"
#: src/cryptsetup.c:78
msgid "removes supplied key or key file from LUKS device"
msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS"
#: src/cryptsetup.c:79 src/cryptsetup.c:88
msgid "<device> <key slot>"
msgstr "<perangkat> <slot kunci>"
#: src/cryptsetup.c:79
msgid "wipes key with number <key slot> from LUKS device"
msgstr "hapus kunci dengan nomor <slot kunci> dari perangkat LUKS"
#: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
#: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
#: src/cryptsetup.c:87
msgid "<device>"
msgstr "<perangkat>"
#: src/cryptsetup.c:80
msgid "print UUID of LUKS device"
msgstr "tampilkan UUID dari perangkat LUKS"
#: src/cryptsetup.c:81
msgid "tests <device> for LUKS partition header"
msgstr "periksa <perangkat> untuk header partisi LUKS"
#: src/cryptsetup.c:82
msgid "remove LUKS mapping"
msgstr "hapus pemetaan LUKS"
#: src/cryptsetup.c:83
msgid "dump LUKS partition information"
msgstr "dump informasi partisi LUKS"
#: src/cryptsetup.c:84
msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
msgstr "Hentikan perangkat LUKS dan hapus kunci (semua IO dihentikan)."
#: src/cryptsetup.c:85
msgid "Resume suspended LUKS device."
msgstr "Lanjutkan perangkat LUKS yang dihentikan."
#: src/cryptsetup.c:86
msgid "Backup LUKS device header and keyslots"
msgstr "Buat cadangan header perangkat LUKS dan slot kunci"
#: src/cryptsetup.c:87
msgid "Restore LUKS device header and keyslots"
msgstr "Kembalikan header perangkat LUKS dan slot kunci"
#: src/cryptsetup.c:88
msgid "identical to luksKillSlot - DEPRECATED - see man page"
msgstr "identik ke luksKillSlot - DITINGGALKAN - lihat halaman petunjuk penggunaan"
#: src/cryptsetup.c:89
msgid "modify active device - DEPRECATED - see man page"
msgstr "modifikasi perangkat aktif - DITINGGALKAN - lihat halaman petunjuk penggunaan"
#: src/cryptsetup.c:180
msgid "Command successful.\n"
msgstr "Perintah berhasil.\n"
#: src/cryptsetup.c:194
#, c-format
msgid "Command failed with code %i"
msgstr "Perintah gagal dengan kode %i"
#: src/cryptsetup.c:222
msgid ""
"The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
"WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
msgstr ""
"Aksi muat kembali telah ditinggalkan. Mohon gunakan \"dmsetup reload\" dalam kasus anda benar benar membutuhkan fungsi ini.\n"
"PERINGATAN: jangan gunakan muat-kembali untuk menyentuk perangkat LUKS. Jika itu masalahnya, tekan Ctrl-C sekarang.\n"
#: src/cryptsetup.c:390
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Ini akan memaksa menulis data di %s secara permanen."
#: src/cryptsetup.c:391
msgid "memory allocation error in action_luksFormat"
msgstr "alokasi memori error dalam action_luksFormat"
#: src/cryptsetup.c:421
msgid "Obsolete option --non-exclusive is ignored.\n"
msgstr "Pilihan sudah ditinggalkan --no-exclusive diabaikan.\n"
#: src/cryptsetup.c:581 src/cryptsetup.c:603
msgid "Option --header-backup-file is required.\n"
msgstr "Pilihan --header-backup-file dibutuhkan.\n"
#: src/cryptsetup.c:637
msgid ""
"\n"
"<action> is one of:\n"
msgstr ""
"\n"
"<aksi> adalah salah satu dari:\n"
#: src/cryptsetup.c:643
#, c-format
msgid ""
"\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
"<key slot> is the LUKS key slot number to modify\n"
"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
"\n"
"<nama> adalah perangkat untuk dibuat dibawah %s\n"
"<perangkat> adalah perangkat terenkripsi\n"
"<slot kunci> adalah nomor slot kunci LUKS untuk dimodifikasi\n"
"<berkas kunci> adalah berkas kunci opsional untuk kunci baru untuk aksi luksAddKey\n"
#: src/cryptsetup.c:650
#, c-format
msgid ""
"\n"
"Default compiled-in device cipher parameters:\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"
msgstr ""
"\n"
"Parameter baku yang terkompilasi dalam perangkat penyandi:\n"
"\tterbuka: %s, Kunci: %d bits, Hash kata sandi : %s\n"
"\tLUKS1 : %s, Kunci: %d bits, Hash kepala LUKS: %s\n"
#: src/cryptsetup.c:697
msgid "Show this help message"
msgstr "Tampilkan pesan bantuan ini"
#: src/cryptsetup.c:698
msgid "Display brief usage"
msgstr "Tampilkan penggunaan singkat"
#: src/cryptsetup.c:702
msgid "Help options:"
msgstr "Pilihan bantuan:"
#: src/cryptsetup.c:703
msgid "Shows more detailed error messages"
msgstr "Tampilkan pesan kesalahan secara lebih detail"
#: src/cryptsetup.c:704
msgid "Show debug messages"
msgstr "Tampilkan pesan penelusuran"
#: src/cryptsetup.c:705
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Cipher yang digunakan untuk mengenkripsi ke disk (lihat /proc/crypto)"
#: src/cryptsetup.c:706
msgid "The hash used to create the encryption key from the passphrase"
msgstr "Hash yang digunakan untuk membuat kunci enkripsi dari kata sandi"
#: src/cryptsetup.c:707
msgid "Verifies the passphrase by asking for it twice"
msgstr "Verifikasi kata sandi dengan menanyakan itu dua kali"
#: src/cryptsetup.c:708
msgid "Read the key from a file (can be /dev/random)"
msgstr "Baca kunci dari sebuah berkas (dapat berupa /dev/random)"
#: src/cryptsetup.c:709
msgid "Read the volume (master) key from file."
msgstr "Baca volume (master) kunci dari berkas."
#: src/cryptsetup.c:710
msgid "The size of the encryption key"
msgstr "Besar dari kunci enkripsi"
#: src/cryptsetup.c:710
msgid "BITS"
msgstr "BITS"
#: src/cryptsetup.c:711
msgid "Slot number for new key (default is first free)"
msgstr "Nomor slot untuk kunci baru (baku adalah yang kosong pertama)"
#: src/cryptsetup.c:712
msgid "The size of the device"
msgstr "Besar dari perangkat"
#: src/cryptsetup.c:712 src/cryptsetup.c:713 src/cryptsetup.c:714
#: src/cryptsetup.c:722
msgid "SECTORS"
msgstr "SEKTOR"
#: src/cryptsetup.c:713
msgid "The start offset in the backend device"
msgstr "Awal ofset dalam perangkat backend"
#: src/cryptsetup.c:714
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Berapa banyak sektor dari data terenkripsi yang dilewatkan di awal"
#: src/cryptsetup.c:715
msgid "Create a readonly mapping"
msgstr "Buat pemetaan baca-saja"
#: src/cryptsetup.c:716
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "waktu iterasi PBKDF2 untuk LUKS (dalam mdet)"
#: src/cryptsetup.c:717
msgid "msecs"
msgstr "mdetik"
#: src/cryptsetup.c:718
msgid "Do not ask for confirmation"
msgstr "Jangan tanya untuk konfirmasi"
#: src/cryptsetup.c:719
msgid "Print package version"
msgstr "Tampilkan versi paket"
#: src/cryptsetup.c:720
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Waktu habis untuk pertanyaan interaktif kata sandi (dalam detik)"
#: src/cryptsetup.c:720
msgid "secs"
msgstr "detik"
#: src/cryptsetup.c:721
msgid "How often the input of the passphrase can be retried"
msgstr "Seberapa sering masukan dari kata sandi dapat dicoba"
#: src/cryptsetup.c:722
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Sesuaikan muatan di batas sektor <n> - untuk luksFormat"
#: src/cryptsetup.c:723
msgid "(Obsoleted, see man page.)"
msgstr "(Ditinggalkan, lihat halaman petunjuk penggunaan.)"
#: src/cryptsetup.c:724
msgid "File with LUKS header and keyslots backup."
msgstr "Berkas dengan header LUKS dan cadangan slot kunci."
#: src/cryptsetup.c:742
msgid "[OPTION...] <action> <action-specific>]"
msgstr "[PILIHAN...] <aksi> <aksi-spesifik>]"
#: src/cryptsetup.c:778
msgid "Key size must be a multiple of 8 bits"
msgstr "Kunci harus kelipatan dari 8 bit"
#: src/cryptsetup.c:782
msgid "Argument <action> missing."
msgstr "Argumen <aksi> hilang."
#: src/cryptsetup.c:788
msgid "Unknown action."
msgstr "Aksi tidak diketahui."
#: src/cryptsetup.c:803
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: membutuhkan %s sebagai argumen"

814
po/it.po
View File

@@ -1,814 +0,0 @@
# Italian translation for cryptsetup.
# Copyright (C) 2010 Free Software Foundation, Inc.
# This file is put in the public domain.
# Sergio Zanchetta <primes2h@ubuntu.com>, 2010.
#
msgid ""
msgstr ""
"Project-Id-Version: cryptsetup-1.1.0-rc4\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
"POT-Creation-Date: 2009-12-30 20:09+0100\n"
"PO-Revision-Date: 2010-03-03 15:10+0100\n"
"Last-Translator: Sergio Zanchetta <primes2h@ubuntu.com>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: lib/libdevmapper.c:48
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Impossibile inizializzare device-mapper. Il modulo kernel dm_mod è caricato?\n"
#: lib/libdevmapper.c:304
#, c-format
msgid "DM-UUID for device %s was truncated.\n"
msgstr "DM-UUID per il device %s è stato troncato.\n"
#: lib/setup.c:103
#, c-format
msgid "Cannot not read %d bytes from key file %s.\n"
msgstr "Impossibile leggere %d byte dal file chiave %s.\n"
#: lib/setup.c:115
msgid "Key processing error.\n"
msgstr "Errore nell'elaborazione della chiave.\n"
#: lib/setup.c:169
msgid "All key slots full.\n"
msgstr "Tutti gli slot di chiave sono pieni.\n"
#: lib/setup.c:176 lib/setup.c:304 lib/setup.c:778
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d.\n"
#: lib/setup.c:182
#, c-format
msgid "Key slot %d is full, please select another one.\n"
msgstr "Lo slot di chiave %d è pieno, selezionarne un altro.\n"
#: lib/setup.c:201
msgid "Enter any remaining LUKS passphrase: "
msgstr "Inserire qualunque passphrase LUKS rimanente: "
#: lib/setup.c:222
#, c-format
msgid "Key slot %d verified.\n"
msgstr "Slot di chiave %d verificato.\n"
#: lib/setup.c:257
#, c-format
msgid "Cannot get info about device %s.\n"
msgstr "Impossibile ottenere informazioni sul device %s.\n"
#: lib/setup.c:264
#, c-format
msgid "Device %s has zero size.\n"
msgstr "Il device %s ha dimensione zero.\n"
#: lib/setup.c:268
#, c-format
msgid "Device %s is too small.\n"
msgstr "Il device %s è troppo piccolo.\n"
#: lib/setup.c:293
msgid "Enter LUKS passphrase to be deleted: "
msgstr "Inserire la passphrase LUKS da eliminare: "
#: lib/setup.c:299
#, c-format
msgid "key slot %d selected for deletion.\n"
msgstr "slot di chiave %d selezionato per l'eliminazione.\n"
#: lib/setup.c:310
#, c-format
msgid "Key %d not active. Can't wipe.\n"
msgstr "Chiave %d non attiva. Impossibile ripulirla.\n"
#: lib/setup.c:316
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Questo è l'ultimo slot di chiave. Il device sarà inutilizzabile dopo aver eliminato questa chiave."
#: lib/setup.c:364 lib/setup.c:1651 lib/setup.c:1704 lib/setup.c:1761
#, c-format
msgid "Device %s already exists.\n"
msgstr "Il device %s è già esistente.\n"
#: lib/setup.c:369
#, c-format
msgid "Invalid key size %d.\n"
msgstr "Dimensione della chiave non valida %d.\n"
#: lib/setup.c:471 lib/setup.c:1656
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Inserire passphrase per %s: "
#: lib/setup.c:600 lib/setup.c:628 lib/setup.c:1365 lib/setup.c:1712
msgid "Enter passphrase: "
msgstr "Inserire passphrase: "
#: lib/setup.c:661 lib/setup.c:1040 lib/setup.c:1803
#, c-format
msgid "Device %s is not active.\n"
msgstr "Il device %s non è attivo.\n"
#: lib/setup.c:770
msgid "No known cipher specification pattern detected.\n"
msgstr "Rilevato un modello di specifica cifrario non conosciuto.\n"
#: lib/setup.c:784
msgid "Enter LUKS passphrase: "
msgstr "Inserire passphrase LUKS: "
#: lib/setup.c:1060
msgid "Invalid plain crypt parameters.\n"
msgstr "Parametri di cifratura in chiaro non validi.\n"
#: lib/setup.c:1065
msgid "Invalid key size.\n"
msgstr "Dimensione della chiave non valida.\n"
#: lib/setup.c:1097
msgid "Can't format LUKS without device.\n"
msgstr "Impossibile formattare LUKS senza device.\n"
#: lib/setup.c:1112
#, c-format
msgid "Can't wipe header on device %s.\n"
msgstr "Impossibile ripulire l'header sul device %s.\n"
#: lib/setup.c:1154
#, c-format
msgid "Unknown crypt device type %s requested.\n"
msgstr "Richiesto device cifrato di tipo %s sconosciuto.\n"
#: lib/setup.c:1187
msgid "Cannot initialize crypto backend.\n"
msgstr "Impossibile inizializzare il backend crypto.\n"
#: lib/setup.c:1261
#, c-format
msgid "Volume %s is not active.\n"
msgstr "Il volume %s non è attivo.\n"
#: lib/setup.c:1274
#, c-format
msgid "Volume %s is already suspended.\n"
msgstr "Il volume %s è già sospeso.\n"
#: lib/setup.c:1300 lib/setup.c:1347 lib/setup.c:1406 lib/setup.c:1484
#: lib/setup.c:1556 lib/setup.c:1601 lib/setup.c:1695 lib/setup.c:1752
#: lib/setup.c:1873 lib/setup.c:1956 lib/setup.c:2056
msgid "This operation is supported only for LUKS device.\n"
msgstr "Questa operazione è supportata solo per i device LUKS.\n"
#: lib/setup.c:1311 lib/setup.c:1358
#, c-format
msgid "Volume %s is not suspended.\n"
msgstr "Il volume %s non è sospeso.\n"
#: lib/setup.c:1420 lib/setup.c:1498
msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Impossibile aggiungere slot di chiave, tutti gli slot disabilitati e nessuna chiave di volume fornita.\n"
#: lib/setup.c:1429 lib/setup.c:1504 lib/setup.c:1507
msgid "Enter any passphrase: "
msgstr "Inserire una qualsiasi passphrase: "
#: lib/setup.c:1448 lib/setup.c:1522 lib/setup.c:1526 lib/setup.c:1579
msgid "Enter new passphrase for key slot: "
msgstr "Inserire nuova passphrase per lo slot di chiave: "
#: lib/setup.c:1570 lib/setup.c:1772 lib/setup.c:1884
msgid "Volume key does not match the volume.\n"
msgstr "La chiave di volume non corrisponde al volume.\n"
#: lib/setup.c:1607
#, c-format
msgid "Key slot %d is invalid.\n"
msgstr "Lo slot di chiave %d non è valido.\n"
#: lib/setup.c:1612
#, c-format
msgid "Key slot %d is not used.\n"
msgstr "Lo slot di chiave %d non è utilizzato.\n"
#: lib/setup.c:1799
#, c-format
msgid "Device %s is busy.\n"
msgstr "Il device %s è occupato.\n"
#: lib/setup.c:1807
#, c-format
msgid "Invalid device %s.\n"
msgstr "Device %s non valido.\n"
#: lib/setup.c:1831
msgid "Volume key buffer too small.\n"
msgstr "Buffer di chiave del volume troppo piccolo.\n"
#: lib/setup.c:1839
msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Impossibile recuperare la chiave di volume per device in chiaro.\n"
#: lib/setup.c:1861
#, c-format
msgid "This operation is not supported for %s crypt device.\n"
msgstr "Questa operazione non è supportata per il device cifrato %s.\n"
#: lib/utils.c:416
#, c-format
msgid "Failed to open key file %s.\n"
msgstr "Impossibile aprire il file chiave %s.\n"
#: lib/utils.c:436
msgid "Error reading passphrase from terminal.\n"
msgstr "Errore nella lettura della passphrase dal terminale.\n"
#: lib/utils.c:441
msgid "Verify passphrase: "
msgstr "Verifica passphrase: "
#: lib/utils.c:443
msgid "Passphrases do not match.\n"
msgstr "Le passphrase non corrispondono.\n"
#: lib/utils.c:458
msgid "Can't do passphrase verification on non-tty inputs.\n"
msgstr "Impossibile verificare la passphrase da un input non tty.\n"
#: lib/utils.c:471
#, c-format
msgid "Failed to stat key file %s.\n"
msgstr "Stat del file chiave %s non riuscito.\n"
#: lib/utils.c:475
#, c-format
msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
msgstr "Attenzione: è richiesta una lettura esaustiva, ma essendo %s un file chiave non regolare la funzione potrebbe non ritornare mai.\n"
#: lib/utils.c:487
msgid "Out of memory while reading passphrase.\n"
msgstr "Memoria esaurita durante la lettura della passphrase.\n"
#: lib/utils.c:494
msgid "Error reading passphrase.\n"
msgstr "Errore nella lettura della passphrase.\n"
#: lib/utils.c:531
#, c-format
msgid "Device %s doesn't exist or access denied.\n"
msgstr "Il device %s non esiste oppure è negato l'accesso.\n"
#: lib/utils.c:538
#, c-format
msgid "Cannot open device %s for %s%s access.\n"
msgstr "Impossibile aprire il device %s per l'accesso %s%s.\n"
#: lib/utils.c:539
msgid "exclusive "
msgstr "esclusivo "
#: lib/utils.c:540
msgid "writable"
msgstr "in scrittura"
#: lib/utils.c:540
msgid "read-only"
msgstr "in sola lettura"
#: lib/utils.c:547
#, c-format
msgid "Cannot read device %s.\n"
msgstr "Impossibile leggere il device %s.\n"
#: lib/utils.c:577
#, c-format
msgid "Cannot open device: %s\n"
msgstr "Impossibile aprire il device: %s\n"
#: lib/utils.c:587
#, c-format
msgid "BLKROGET failed on device %s.\n"
msgstr "BLKROGET non riuscito sul device %s.\n"
#: lib/utils.c:612
#, c-format
msgid "BLKGETSIZE failed on device %s.\n"
msgstr "BLKGETSIZE non riuscito sul device %s.\n"
#: lib/utils.c:660
msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
msgstr "ATTENZIONE!!! È possibile che la memoria non sia sicura. Si è root?\n"
#: lib/utils.c:666
msgid "Cannot get process priority.\n"
msgstr "Impossibile ottenere la priorità del processo.\n"
#: lib/utils.c:669 lib/utils.c:682
#, c-format
msgid "setpriority %u failed: %s"
msgstr "setpriority %u non riuscito: %s"
#: lib/utils.c:680
msgid "Cannot unlock memory."
msgstr "Impossibile sbloccare la memoria."
#: luks/keyencryption.c:68
#, c-format
msgid "Unable to obtain sector size for %s"
msgstr "Impossibile ottenere la dimensione del settore per %s"
#: luks/keyencryption.c:137
msgid "Failed to obtain device mapper directory."
msgstr "Recupero della directory device mapper non riuscito."
#: luks/keyencryption.c:153
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n"
"%s"
msgstr ""
"Impostazione mappatura di chiave dm-crypt non riuscita per il device %s.\n"
"Controllare che il kernel supporti il cifrario %s (controllare il syslog per maggiori informazioni).\n"
"%s"
#: luks/keyencryption.c:163
msgid "Failed to open temporary keystore device.\n"
msgstr "Apertura del device temporaneo di deposito chiavi non riuscita.\n"
#: luks/keyencryption.c:170
msgid "Failed to access temporary keystore device.\n"
msgstr "Accesso al device temporaneo di deposito chiavi non riuscito.\n"
#: luks/keymanage.c:91
#, c-format
msgid "Requested file %s already exist.\n"
msgstr "Il file %s richiesto esiste già.\n"
#: luks/keymanage.c:111
#, c-format
msgid "Device %s is not LUKS device.\n"
msgstr "Il device %s non è un device LUKS.\n"
#: luks/keymanage.c:131
#, c-format
msgid "Cannot write header backup file %s.\n"
msgstr "Impossibile scrivere il file di backup dell'header %s.\n"
#: luks/keymanage.c:158
#, c-format
msgid "Backup file %s doesn't exist.\n"
msgstr "Il file di backup %s non esiste.\n"
#: luks/keymanage.c:166
msgid "Backup file do not contain valid LUKS header.\n"
msgstr "Il file di backup non contiene un header LUKS valido.\n"
#: luks/keymanage.c:179
#, c-format
msgid "Cannot open header backup file %s.\n"
msgstr "Impossibile aprire il file di backup dell'header %s.\n"
#: luks/keymanage.c:185
#, c-format
msgid "Cannot read header backup file %s.\n"
msgstr "Impossibile leggere il file di backup dell'header %s.\n"
#: luks/keymanage.c:196
msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "L'offset di dati oppure la dimensione della chiave sono diversi tra il device e il backup, ripristino non riuscito.\n"
#: luks/keymanage.c:204
#, c-format
msgid "Device %s %s%s"
msgstr "Il device %s %s%s"
#: luks/keymanage.c:205
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "non contiene un header LUKS. La sostituzione dell'header può distruggere i dati in quel device."
#: luks/keymanage.c:206
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "contiene già un header LUKS. Sostituendo l'header verranno distrutti gli slot di chiave esistenti."
#: luks/keymanage.c:207
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
msgstr ""
"\n"
"ATTENZIONE: l'header reale del device ha un UUID diverso da quello di backup."
#: luks/keymanage.c:222 luks/keymanage.c:319 luks/keymanage.c:354
#, c-format
msgid "Cannot open device %s.\n"
msgstr "Impossibile aprire il device %s.\n"
#: luks/keymanage.c:254
#, c-format
msgid "%s is not LUKS device.\n"
msgstr "%s non è un device LUKS.\n"
#: luks/keymanage.c:256
#, c-format
msgid "%s is not LUKS device."
msgstr "%s non è un device LUKS."
#: luks/keymanage.c:259
#, c-format
msgid "Unsupported LUKS version %d.\n"
msgstr "Versione %d di LUKS non supportata.\n"
#: luks/keymanage.c:262
#, c-format
msgid "Requested LUKS hash %s is not supported.\n"
msgstr "L'hash %s di LUKS richiesto non è supportato.\n"
#: luks/keymanage.c:293
#, c-format
msgid "Cannot open file %s.\n"
msgstr "Impossibile aprire il file %s.\n"
#: luks/keymanage.c:331
#, c-format
msgid "LUKS header detected but device %s is too small.\n"
msgstr "Rilevato un header LUKS ma il device %s è troppo piccolo.\n"
#: luks/keymanage.c:375
#, c-format
msgid "Error during update of LUKS header on device %s.\n"
msgstr "Errore durante l'aggiornamento dell'header LUKS sul device %s.\n"
#: luks/keymanage.c:382
#, c-format
msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Errore nella rilettura dell'header LUKS dopo l'aggiornamento sul dispositivo %s.\n"
#: luks/keymanage.c:394
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Opzioni PBKDF2 non compatibili (usando l'algoritmo di hash %s)."
#: luks/keymanage.c:439
msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "Impossibile creare l'header LUKS: lettura salt casuale non riuscita.\n"
#: luks/keymanage.c:456
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "Impossibile creare l'header LUKS: digest dell'header non riuscito (usando l'hash %s).\n"
#: luks/keymanage.c:473
msgid "Wrong UUID format provided, generating new one.\n"
msgstr "Fornito un formato UUID errato, generato uno nuovo.\n"
#: luks/keymanage.c:500
#, c-format
msgid "Key slot %d active, purge first.\n"
msgstr "Slot di chiave %d attivo, eliminarlo prima.\n"
#: luks/keymanage.c:505
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Il materiale dello slot di chiave %d contiene troppe poche strisce. Manipolazione dell'header?\n"
#: luks/keymanage.c:564
msgid "Failed to write to key storage.\n"
msgstr "Scrittura nel deposito chiavi non riuscita.\n"
#: luks/keymanage.c:641
msgid "Failed to read from key storage.\n"
msgstr "Lettura dal deposito chiavi non riuscita.\n"
#: luks/keymanage.c:650
#, c-format
msgid "Key slot %d unlocked.\n"
msgstr "Slot di chiave %d sbloccato.\n"
#: luks/keymanage.c:683
msgid "No key available with this passphrase.\n"
msgstr "Nessuna chiave disponibile con questa passphrase.\n"
#: luks/keymanage.c:760
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d.\n"
#: luks/keymanage.c:772
#, c-format
msgid "Cannot wipe device %s.\n"
msgstr "Impossibile ripulire il device %s.\n"
#: src/cryptsetup.c:71 src/cryptsetup.c:89
msgid "<name> <device>"
msgstr "<nome> <device>"
#: src/cryptsetup.c:71
msgid "create device"
msgstr "crea il device"
#: src/cryptsetup.c:72 src/cryptsetup.c:73 src/cryptsetup.c:74
#: src/cryptsetup.c:82
msgid "<name>"
msgstr "<nome>"
#: src/cryptsetup.c:72
msgid "remove device"
msgstr "rimuove il device"
#: src/cryptsetup.c:73
msgid "resize active device"
msgstr "ridimensiona il device attivo"
#: src/cryptsetup.c:74
msgid "show device status"
msgstr "mostra lo stato del device"
#: src/cryptsetup.c:75 src/cryptsetup.c:77
msgid "<device> [<new key file>]"
msgstr "<device> [<nuovo file chiave>]"
#: src/cryptsetup.c:75
msgid "formats a LUKS device"
msgstr "formatta un device LUKS"
#: src/cryptsetup.c:76
msgid "<device> <name> "
msgstr "<device> <nome> "
#: src/cryptsetup.c:76
msgid "open LUKS device as mapping <name>"
msgstr "apre il device LUKS come mappatura in <nome>"
#: src/cryptsetup.c:77
msgid "add key to LUKS device"
msgstr "aggiunge la chiave al device LUKS"
#: src/cryptsetup.c:78
msgid "<device> [<key file>]"
msgstr "<device> [<file chiave>]"
#: src/cryptsetup.c:78
msgid "removes supplied key or key file from LUKS device"
msgstr "rimuove la chiave fornita o il file chiave dal device LUKS"
#: src/cryptsetup.c:79 src/cryptsetup.c:88
msgid "<device> <key slot>"
msgstr "<device> <slot di chiave>"
#: src/cryptsetup.c:79
msgid "wipes key with number <key slot> from LUKS device"
msgstr "ripulisce la chiave con numero <slot di chiave> dal device LUKS"
#: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
#: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
#: src/cryptsetup.c:87
msgid "<device>"
msgstr "<device>"
#: src/cryptsetup.c:80
msgid "print UUID of LUKS device"
msgstr "stampa l'UUID del device LUKS"
#: src/cryptsetup.c:81
msgid "tests <device> for LUKS partition header"
msgstr "esegue il test del <device> per l'header della partizione LUKS"
#: src/cryptsetup.c:82
msgid "remove LUKS mapping"
msgstr "rimuove la mappatura LUKS"
#: src/cryptsetup.c:83
msgid "dump LUKS partition information"
msgstr "esegue il dump delle informazioni sulla partizione LUKS"
#: src/cryptsetup.c:84
msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
msgstr "Sospende il device LUKS e ripulisce la chiave (tutti gli IO sono congelati)"
#: src/cryptsetup.c:85
msgid "Resume suspended LUKS device."
msgstr "Ripristina il device LUKS sospeso."
#: src/cryptsetup.c:86
msgid "Backup LUKS device header and keyslots"
msgstr "Fa il backup dell'header del device e degli slot di chiave"
#: src/cryptsetup.c:87
msgid "Restore LUKS device header and keyslots"
msgstr "Ripristina l'header del device LUKS e gli slot di chiave"
#: src/cryptsetup.c:88
msgid "identical to luksKillSlot - DEPRECATED - see man page"
msgstr "identico a luksKillSlot - DEPRECATO - consultare la pagina man"
#: src/cryptsetup.c:89
msgid "modify active device - DEPRECATED - see man page"
msgstr "modifica il device attivo - DEPRECATO - consultare la pagina man"
#: src/cryptsetup.c:180
msgid "Command successful.\n"
msgstr "Comando eseguito con successo.\n"
#: src/cryptsetup.c:194
#, c-format
msgid "Command failed with code %i"
msgstr "Comando non riuscito con codice %i"
#: src/cryptsetup.c:222
msgid ""
"The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
"WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
msgstr ""
"L'azione reload è deprecata. Usare \"dmsetup reload\" nel caso sia necessaria questa funzionalità.\n"
"ATTENZIONE: non usare ricarica per fare il touch del device LUKS. In questo caso, premere Ctrl-C adesso.\n"
#: src/cryptsetup.c:390
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Ciò sovrascriverà i dati in %s in modo irreversibile."
#: src/cryptsetup.c:391
msgid "memory allocation error in action_luksFormat"
msgstr "errore di allocazione di memoria in action_luksFormat"
#: src/cryptsetup.c:421
msgid "Obsolete option --non-exclusive is ignored.\n"
msgstr "Opzione obsoleta, --non-exclusive ignorato.\n"
#: src/cryptsetup.c:581 src/cryptsetup.c:603
msgid "Option --header-backup-file is required.\n"
msgstr "È richiesta l'opzione --header-backup-file.\n"
#: src/cryptsetup.c:637
msgid ""
"\n"
"<action> is one of:\n"
msgstr ""
"\n"
"<azione> è una tra:\n"
#: src/cryptsetup.c:643
#, c-format
msgid ""
"\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
"<key slot> is the LUKS key slot number to modify\n"
"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
"\n"
"<nome> è il device da creare in %s\n"
"<device> è il device cifrato\n"
"<slot di chiave> è il numero dello slot di chiave LUKS da modificare\n"
"<file chiave> è il file chiave opzionale per la nuova chiave per l'azione luksAddKey\n"
#: src/cryptsetup.c:650
#, c-format
msgid ""
"\n"
"Default compiled-in device cipher parameters:\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"
msgstr ""
"\n"
"Parametri predefiniti del cifrario del device:\n"
"\tin chiaro: %s, chiave: %d bit, hash della password: %s\n"
"\tLUKS1: %s, chiave: %d bit, hash dell'header LUKS: %s\n"
#: src/cryptsetup.c:697
msgid "Show this help message"
msgstr "Mostra questo messaggio d'aiuto"
#: src/cryptsetup.c:698
msgid "Display brief usage"
msgstr "Mostra il modo d'uso sintetico"
#: src/cryptsetup.c:702
msgid "Help options:"
msgstr "Opzioni di aiuto:"
#: src/cryptsetup.c:703
msgid "Shows more detailed error messages"
msgstr "Mostra i messaggi di errore con maggior dettaglio"
#: src/cryptsetup.c:704
msgid "Show debug messages"
msgstr "Mostra i messaggi di debug"
#: src/cryptsetup.c:705
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Il cifrario usato per cifrare il disco (vedere /proc/crypto)"
#: src/cryptsetup.c:706
msgid "The hash used to create the encryption key from the passphrase"
msgstr "L'hash usato per creare la chiave di cifratura dalla passphrase"
#: src/cryptsetup.c:707
msgid "Verifies the passphrase by asking for it twice"
msgstr "Verifica la passphrase chiedendola due volte"
#: src/cryptsetup.c:708
msgid "Read the key from a file (can be /dev/random)"
msgstr "Legge la chiave da un file (può essere /dev/random)"
#: src/cryptsetup.c:709
msgid "Read the volume (master) key from file."
msgstr "Legge la chiave (master) del volume dal file."
#: src/cryptsetup.c:710
msgid "The size of the encryption key"
msgstr "La dimensione della chiave di cifratura"
#: src/cryptsetup.c:710
msgid "BITS"
msgstr "BIT"
#: src/cryptsetup.c:711
msgid "Slot number for new key (default is first free)"
msgstr "Numero dello slot per la nuova chiave (il primo libero è quello predefinito)"
#: src/cryptsetup.c:712
msgid "The size of the device"
msgstr "La dimensione del device"
#: src/cryptsetup.c:712 src/cryptsetup.c:713 src/cryptsetup.c:714
#: src/cryptsetup.c:722
msgid "SECTORS"
msgstr "SETTORI"
#: src/cryptsetup.c:713
msgid "The start offset in the backend device"
msgstr "L'offset iniziale del device di backend"
#: src/cryptsetup.c:714
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Quanti settori dei dati cifrati saltare dall'inizio"
#: src/cryptsetup.c:715
msgid "Create a readonly mapping"
msgstr "Crea una mappatura in sola lettura"
#: src/cryptsetup.c:716
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "Tempo di iterazione di PBKDF2 per LUKS (in ms)"
#: src/cryptsetup.c:717
msgid "msecs"
msgstr "msec"
#: src/cryptsetup.c:718
msgid "Do not ask for confirmation"
msgstr "Non chiede conferma"
#: src/cryptsetup.c:719
msgid "Print package version"
msgstr "Stampa la versione del pacchetto"
#: src/cryptsetup.c:720
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Timeout per il prompt interattivo della passphrase (in secondi)"
#: src/cryptsetup.c:720
msgid "secs"
msgstr "sec"
#: src/cryptsetup.c:721
msgid "How often the input of the passphrase can be retried"
msgstr "Quante volte può essere ritentato l'inserimento della passphrase"
#: src/cryptsetup.c:722
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Allinea il payload agli estremi del settore <n> - per luksFormat"
#: src/cryptsetup.c:723
msgid "(Obsoleted, see man page.)"
msgstr "(Obsoleto, consultare la pagina man.)"
#: src/cryptsetup.c:724
msgid "File with LUKS header and keyslots backup."
msgstr "File con header LUKS e backup degli slot di chiave."
#: src/cryptsetup.c:742
msgid "[OPTION...] <action> <action-specific>]"
msgstr "[OPZIONE...] <azione> <azione-specifica>]"
#: src/cryptsetup.c:778
msgid "Key size must be a multiple of 8 bits"
msgstr "La dimensione della chiave deve essere un multiplo di 8 bit"
#: src/cryptsetup.c:782
msgid "Argument <action> missing."
msgstr "Argomento <azione> mancante."
#: src/cryptsetup.c:788
msgid "Unknown action."
msgstr "Azione sconosciuta."
#: src/cryptsetup.c:803
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: richiede %s come argomenti"

821
po/nl.po
View File

@@ -1,821 +0,0 @@
# Dutch translation of cryptsetup.
# This file is distributed under the same license as the cryptsetup package.
# Copyright (C) 2010 Free Software Foundation, Inc.
# Koen Torfs <koen@indigetesdii.org>, 2010.
#
msgid ""
msgstr ""
"Project-Id-Version: cryptsetup-1.1.1-rc1\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
"POT-Creation-Date: 2010-05-01 16:21+0200\n"
"PO-Revision-Date: 2010-05-15 23:29+0100\n"
"Last-Translator: Koen Torfs <koen@indigetesdii.org>\n"
"Language-Team: Dutch <vertaling@vrijschrift.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: lib/libdevmapper.c:105
msgid "Cannot find compatible device-mapper kernel modules.\n"
msgstr "Kan compatibele kernelmodules voor apparaatstoewijzer niet vinden.\n"
#: lib/libdevmapper.c:111
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Kan apparaatstoewijzer niet initialiseren. Is kernelmodule dm_mod geladen?\n"
#: lib/libdevmapper.c:408
#, c-format
msgid "DM-UUID for device %s was truncated.\n"
msgstr "DM-UUID voor apparaat %s was afgekapt.\n"
#: lib/setup.c:103
#, c-format
msgid "Cannot not read %d bytes from key file %s.\n"
msgstr "Kan %d bytes uit sleutelbestand %s niet lezen.\n"
#: lib/setup.c:115
#, c-format
msgid "Key processing error (using hash algorithm %s).\n"
msgstr "Sleutelbehandelingsfout (met hash-algoritme %s in gebruik).\n"
#: lib/setup.c:170
msgid "All key slots full.\n"
msgstr "Alle sleutelplaatsen vol.\n"
#: lib/setup.c:177 lib/setup.c:305 lib/setup.c:779
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "Sleutelplaats %d is ongeldig, selecteer een plaats tussen 0 en %d.\n"
#: lib/setup.c:183
#, c-format
msgid "Key slot %d is full, please select another one.\n"
msgstr "Sleutelplaats %d is vol, selecteer een andere.\n"
#: lib/setup.c:202
msgid "Enter any remaining LUKS passphrase: "
msgstr "Voer enig LUKS-wachtwoord in: "
#: lib/setup.c:223
#, c-format
msgid "Key slot %d verified.\n"
msgstr "Sleutelplaats %d geverifieerd.\n"
#: lib/setup.c:258
#, c-format
msgid "Cannot get info about device %s.\n"
msgstr "Kan geen informatie verkrijgen over apparaat %s.\n"
#: lib/setup.c:265
#, c-format
msgid "Device %s has zero size.\n"
msgstr "Apparaat %s heeft grootte nul.\n"
#: lib/setup.c:269
#, c-format
msgid "Device %s is too small.\n"
msgstr "Apparaat %s is te klein.\n"
#: lib/setup.c:294
msgid "Enter LUKS passphrase to be deleted: "
msgstr "Voer het te verwijderen LUKS-wachtwoord in: "
#: lib/setup.c:300
#, c-format
msgid "key slot %d selected for deletion.\n"
msgstr "sleutelplaats %d geselecteerd voor verwijdering.\n"
#: lib/setup.c:311
#, c-format
msgid "Key %d not active. Can't wipe.\n"
msgstr "Sleutel %d niet actief. Kan niet uitvegen.\n"
#: lib/setup.c:317
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Dit is de laatste sleutelplaats. Apparaat zal onbruikbaar worden na het verwijderen van deze sleutel."
#: lib/setup.c:365 lib/setup.c:1687 lib/setup.c:1740 lib/setup.c:1797
#, c-format
msgid "Device %s already exists.\n"
msgstr "Apparaat %s bestaat reeds.\n"
#: lib/setup.c:370
#, c-format
msgid "Invalid key size %d.\n"
msgstr "Ongeldige sleutelgrootte %d.\n"
#: lib/setup.c:472 lib/setup.c:1692
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Voer wachtwoord in voor %s: "
#: lib/setup.c:601 lib/setup.c:629 lib/setup.c:1401 lib/setup.c:1748
msgid "Enter passphrase: "
msgstr "Voer wachtwoord in: "
#: lib/setup.c:662 lib/setup.c:1046 lib/setup.c:1839
#, c-format
msgid "Device %s is not active.\n"
msgstr "Apparaat %s is niet actief.\n"
#: lib/setup.c:771
msgid "No known cipher specification pattern detected.\n"
msgstr "Geen bekend specificatiepatroon voor het sleutelalgoritme gevonden.\n"
#: lib/setup.c:785
msgid "Enter LUKS passphrase: "
msgstr "Voer LUKS-wachtwoord in: "
#: lib/setup.c:926 lib/setup.c:1153 lib/setup.c:1207 lib/setup.c:1232
#: lib/setup.c:1251
msgid "Cannot initialize crypto backend.\n"
msgstr "Kan versleutelingsbackend niet initialiseren.\n"
#: lib/setup.c:1066
msgid "Invalid plain crypt parameters.\n"
msgstr "Ongeldige normale versleutelingsparameters.\n"
#: lib/setup.c:1071
msgid "Invalid key size.\n"
msgstr "Ongeldige sleutelgrootte.\n"
#: lib/setup.c:1104
msgid "Can't format LUKS without device.\n"
msgstr "Kan LUKS niet formatteren zonder apparaat.\n"
#: lib/setup.c:1126
#, c-format
msgid "Can't wipe header on device %s.\n"
msgstr "Kan koptekst op apparaat %s niet uitvegen.\n"
#: lib/setup.c:1174
#, c-format
msgid "Unknown crypt device type %s requested.\n"
msgstr "Onbekend versleutelingsapparaattype %s aangevraagd.\n"
#: lib/setup.c:1293
#, c-format
msgid "Volume %s is not active.\n"
msgstr "Opslagmedium %s is niet actief.\n"
#: lib/setup.c:1306
#, c-format
msgid "Volume %s is already suspended.\n"
msgstr "Opslagmedium %s is reeds geschorst.\n"
#: lib/setup.c:1334 lib/setup.c:1383 lib/setup.c:1442 lib/setup.c:1520
#: lib/setup.c:1592 lib/setup.c:1637 lib/setup.c:1731 lib/setup.c:1788
#: lib/setup.c:1909 lib/setup.c:1992 lib/setup.c:2092
msgid "This operation is supported only for LUKS device.\n"
msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten.\n"
#: lib/setup.c:1345 lib/setup.c:1394
#, c-format
msgid "Volume %s is not suspended.\n"
msgstr "Opslagmedium %s is niet geschorst.\n"
#: lib/setup.c:1456 lib/setup.c:1534
msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Kan geen sleutelplaats toevoegen, alle plaatsen zijn uitgeschakeld en geen sleutel tot het opslagmedium voorzien.\n"
#: lib/setup.c:1465 lib/setup.c:1540 lib/setup.c:1543
msgid "Enter any passphrase: "
msgstr "Voer een wachtwoord in: "
#: lib/setup.c:1484 lib/setup.c:1558 lib/setup.c:1562 lib/setup.c:1615
msgid "Enter new passphrase for key slot: "
msgstr "Voer een nieuw wachtwoord in voor de sleutelplaats: "
#: lib/setup.c:1606 lib/setup.c:1808 lib/setup.c:1920
msgid "Volume key does not match the volume.\n"
msgstr "Sleutel tot opslagmedium komt niet overeen met het opslagmedium.\n"
#: lib/setup.c:1643
#, c-format
msgid "Key slot %d is invalid.\n"
msgstr "Sleutelplaats %d is ongeldig.\n"
#: lib/setup.c:1648
#, c-format
msgid "Key slot %d is not used.\n"
msgstr "Sleutelplaats %d is niet in gebruik.\n"
#: lib/setup.c:1835
#, c-format
msgid "Device %s is busy.\n"
msgstr "Apparaat %s is bezig.\n"
#: lib/setup.c:1843
#, c-format
msgid "Invalid device %s.\n"
msgstr "Ongeldig apparaat %s.\n"
#: lib/setup.c:1867
msgid "Volume key buffer too small.\n"
msgstr "Sleutelbuffer van het opslagmedium is te klein.\n"
#: lib/setup.c:1875
msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Kan sleutel tot het opslagmedium voor apparaat niet ophalen.\n"
#: lib/setup.c:1897
#, c-format
msgid "This operation is not supported for %s crypt device.\n"
msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s.\n"
#: lib/utils.c:416
#, c-format
msgid "Failed to open key file %s.\n"
msgstr "Openen van sleutelbestand %s gefaald.\n"
#: lib/utils.c:436
msgid "Error reading passphrase from terminal.\n"
msgstr "Fout bij het lezen van het wachtwoord uit de terminal.\n"
#: lib/utils.c:441
msgid "Verify passphrase: "
msgstr "Verifieer wachtwoord: "
#: lib/utils.c:443
msgid "Passphrases do not match.\n"
msgstr "Wachtwoorden komen niet overeen.\n"
#: lib/utils.c:458
msgid "Can't do passphrase verification on non-tty inputs.\n"
msgstr "Kan geen wachtwoordverificatie uitvoeren op invoer van buiten de terminal.\n"
#: lib/utils.c:471
#, c-format
msgid "Failed to stat key file %s.\n"
msgstr "Stat op sleutelbestand %s gefaald.\n"
#: lib/utils.c:475
#, c-format
msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
msgstr "Let op: volledige lezing aangevraagd, maar sleutelbestand %s is geen regulier bestand, functie zal misschien nooit terugkeren.\n"
#: lib/utils.c:487
msgid "Out of memory while reading passphrase.\n"
msgstr "Geen geheugen meer beschikbaar bij lezen wachtwoord.\n"
#: lib/utils.c:494
msgid "Error reading passphrase.\n"
msgstr "Fout bij het lezen van het wachtwoord.\n"
#: lib/utils.c:531
#, c-format
msgid "Device %s doesn't exist or access denied.\n"
msgstr "Apparaat %s bestaat niet of toegang geweigerd.\n"
#: lib/utils.c:538
#, c-format
msgid "Cannot open device %s for %s%s access.\n"
msgstr "Kan apparaat %s niet openen voor %s%s toegang.\n"
#: lib/utils.c:539
msgid "exclusive "
msgstr "exclusief "
#: lib/utils.c:540
msgid "writable"
msgstr "schrijfbaar"
#: lib/utils.c:540
msgid "read-only"
msgstr "alleen-lezen"
#: lib/utils.c:547
#, c-format
msgid "Cannot read device %s.\n"
msgstr "Kan apparaat niet lezen: %s.\n"
#: lib/utils.c:577
#, c-format
msgid "Cannot open device: %s\n"
msgstr "Kan apparaat niet openen: %s\n"
#: lib/utils.c:587
#, c-format
msgid "BLKROGET failed on device %s.\n"
msgstr "BLKROGET gefaald op apparaat %s.\n"
#: lib/utils.c:612
#, c-format
msgid "BLKGETSIZE failed on device %s.\n"
msgstr "BLKGETSIZE gefaald op apparaat %s.\n"
#: lib/utils.c:660
msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
msgstr "LET OP!!! Mogelijk onveilig geheugen. Ben je systeembeheerder?\n"
#: lib/utils.c:666
msgid "Cannot get process priority.\n"
msgstr "Kan geen procesprioriteit verkrijgen.\n"
#: lib/utils.c:669 lib/utils.c:682
#, c-format
msgid "setpriority %u failed: %s"
msgstr "setpriority %u gefaald: %s"
#: lib/utils.c:680
msgid "Cannot unlock memory."
msgstr "Kan de vergrendeling van het geheugen niet opheffen."
#: luks/keyencryption.c:68
#, c-format
msgid "Unable to obtain sector size for %s"
msgstr "Kan geen sectorgrootte verkrijgen voor %s"
#: luks/keyencryption.c:137
msgid "Failed to obtain device mapper directory."
msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen."
#: luks/keyencryption.c:153
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n"
"%s"
msgstr ""
"Kan dm-crypt sleuteltoewijzing niet instellen voor apparaat %s.\n"
"Kijk na of de kernel versleutelalgoritme %s ondersteunt (bekijk syslog voor meer informatie).\n"
"%s"
#: luks/keyencryption.c:163
msgid "Failed to open temporary keystore device.\n"
msgstr "Openen van het tijdelijke sleutelopslagapparaat gefaald.\n"
#: luks/keyencryption.c:170
msgid "Failed to access temporary keystore device.\n"
msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n"
#: luks/keymanage.c:94
#, c-format
msgid "Requested file %s already exist.\n"
msgstr "Aangevraagd bestand %s bestaat reeds.\n"
#: luks/keymanage.c:114 luks/keymanage.c:257
#, c-format
msgid "Device %s is not a valid LUKS device.\n"
msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n"
#: luks/keymanage.c:134
#, c-format
msgid "Cannot write header backup file %s.\n"
msgstr "Kan reservekopie %s van koptekst niet schrijven.\n"
#: luks/keymanage.c:161
#, c-format
msgid "Backup file %s doesn't exist.\n"
msgstr "Reservekopie %s bestaat niet.\n"
#: luks/keymanage.c:169
msgid "Backup file do not contain valid LUKS header.\n"
msgstr "Reservekopie heeft geen geldige LUKS-koptekst.\n"
#: luks/keymanage.c:182
#, c-format
msgid "Cannot open header backup file %s.\n"
msgstr "Kan reservekopie %s van het kopbestand niet openen.\n"
#: luks/keymanage.c:188
#, c-format
msgid "Cannot read header backup file %s.\n"
msgstr "Kan reservekopie %s van het kopbestand niet lezen.\n"
#: luks/keymanage.c:199
msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "Verschillende dataplaats of sleutelgrootte in apparaat en reservekopie, herstelling gefaald.\n"
#: luks/keymanage.c:207
#, c-format
msgid "Device %s %s%s"
msgstr "Apparaat %s %s%s"
#: luks/keymanage.c:208
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "bevat geen LUKS-kopbestand. Het kopbestand vervangen kan data op het apparaat vernietigen."
#: luks/keymanage.c:209
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "bevat reeds een LUKS-kopbestand. Het kopbestand vervangen zal bestaande sleutelplaatsen vernietigen."
#: luks/keymanage.c:210
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
msgstr ""
"\n"
"LET OP: originele apparaatskoptekst heeft een ander UUID dan de reservekopie!"
#: luks/keymanage.c:225 luks/keymanage.c:338 luks/keymanage.c:373
#, c-format
msgid "Cannot open device %s.\n"
msgstr "Kan apparaat %s niet openen.\n"
#: luks/keymanage.c:259
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "Apparaat %s is geen geldig LUKS-apparaat."
#: luks/keymanage.c:262
#, c-format
msgid "Unsupported LUKS version %d.\n"
msgstr "Niet ondersteunde LUKS-versie %d.\n"
#: luks/keymanage.c:265
#, c-format
msgid "Requested LUKS hash %s is not supported.\n"
msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n"
#: luks/keymanage.c:310
#, c-format
msgid "Cannot open file %s.\n"
msgstr "Kan bestand %s niet openen.\n"
#: luks/keymanage.c:350
#, c-format
msgid "LUKS header detected but device %s is too small.\n"
msgstr "LUKS-kopbestand gevonden maar apparaat %s is te klein.\n"
#: luks/keymanage.c:394
#, c-format
msgid "Error during update of LUKS header on device %s.\n"
msgstr "Fout bij het bijwerken van LUKS-kopbestand op apparaat %s.\n"
#: luks/keymanage.c:401
#, c-format
msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Fout bij het herlezen van LUKS-kopbestand na bijwerken van apparaat %s.\n"
#: luks/keymanage.c:413
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n"
msgstr "Niet-compatibele PBKDF2 opties (met hash-algoritme %s in gebruik).\n"
#: luks/keymanage.c:461
msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "Kan LUKS-koptekst niet aanmaken: lezen van random salt gefaald.\n"
#: luks/keymanage.c:478
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "Kan LUKS-koptekst niet aanmaken: verwerking van koptekst gefaald (met hash %s in gebruik).\n"
#: luks/keymanage.c:496
msgid "Wrong UUID format provided, generating new one.\n"
msgstr "Verkeerd UUID-formaat verschaft, een nieuwe wordt aangemaakt.\n"
#: luks/keymanage.c:523
#, c-format
msgid "Key slot %d active, purge first.\n"
msgstr "Sleutelplaats %d actief, ruim eerst op.\n"
#: luks/keymanage.c:528
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Inhoud van sleutelplaats %d bevat te weinig fragmenten. Koptekstmanipulatie?\n"
#: luks/keymanage.c:587
msgid "Failed to write to key storage.\n"
msgstr "Schrijven naar sleutelopslag gefaald.\n"
#: luks/keymanage.c:664
msgid "Failed to read from key storage.\n"
msgstr "Lezen uit sleutelopslag gefaald.\n"
#: luks/keymanage.c:673
#, c-format
msgid "Key slot %d unlocked.\n"
msgstr "Sleutelplaats %d ontgrendeld.\n"
#: luks/keymanage.c:706
msgid "No key available with this passphrase.\n"
msgstr "Geen sleutel beschikbaar met dit wachtwoord.\n"
#: luks/keymanage.c:783
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "Sleutelplaats %d is ongeldig, selecteer een sleutelplaats tussen 0 en %d.\n"
#: luks/keymanage.c:795
#, c-format
msgid "Cannot wipe device %s.\n"
msgstr "Kan apparaat %s niet uitvegen.\n"
#: src/cryptsetup.c:71 src/cryptsetup.c:89
msgid "<name> <device>"
msgstr "<naam> <apparaat>"
#: src/cryptsetup.c:71
msgid "create device"
msgstr "apparaat aanmaken"
#: src/cryptsetup.c:72 src/cryptsetup.c:73 src/cryptsetup.c:74
#: src/cryptsetup.c:82
msgid "<name>"
msgstr "<naam>"
#: src/cryptsetup.c:72
msgid "remove device"
msgstr "apparaat verwijderen"
#: src/cryptsetup.c:73
msgid "resize active device"
msgstr "actief apparaat vergroten of verkleinen"
#: src/cryptsetup.c:74
msgid "show device status"
msgstr "apparaatstatus tonen"
#: src/cryptsetup.c:75 src/cryptsetup.c:77
msgid "<device> [<new key file>]"
msgstr "<apparaat> [<nieuw sleutelbestand>]"
#: src/cryptsetup.c:75
msgid "formats a LUKS device"
msgstr "formatteert een LUKS-apparaat"
#: src/cryptsetup.c:76
msgid "<device> <name> "
msgstr "<apparaat> <naam> "
#: src/cryptsetup.c:76
msgid "open LUKS device as mapping <name>"
msgstr "LUKS-apparaat als toewijzing <naam> openen"
#: src/cryptsetup.c:77
msgid "add key to LUKS device"
msgstr "sleutel aan LUKS-apparaat toevoegen"
#: src/cryptsetup.c:78
msgid "<device> [<key file>]"
msgstr "<apparaat> [<sleutelbestand>]"
#: src/cryptsetup.c:78
msgid "removes supplied key or key file from LUKS device"
msgstr "verwijdert verschafte sleutel of sleutelbestand van LUKS-apparaat"
#: src/cryptsetup.c:79 src/cryptsetup.c:88
msgid "<device> <key slot>"
msgstr "<apparaat> <sleutelplaats>"
#: src/cryptsetup.c:79
msgid "wipes key with number <key slot> from LUKS device"
msgstr "verwijdert sleutel met nummer <sleutelplaats> van LUKS-apparaat"
#: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
#: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
#: src/cryptsetup.c:87
msgid "<device>"
msgstr "<apparaat>"
#: src/cryptsetup.c:80
msgid "print UUID of LUKS device"
msgstr "UUID van LUKS-apparaat tonen"
#: src/cryptsetup.c:81
msgid "tests <device> for LUKS partition header"
msgstr "test <apparaat> voor LUKS-partitiekoptekst"
#: src/cryptsetup.c:82
msgid "remove LUKS mapping"
msgstr "LUKS-toewijzing verwijderen"
#: src/cryptsetup.c:83
msgid "dump LUKS partition information"
msgstr "LUKS partitie-informatie dumpen"
#: src/cryptsetup.c:84
msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
msgstr "LUKS-apparaat schorsen en sleutel wissen (alle IOs zijn geblokkeerd)."
#: src/cryptsetup.c:85
msgid "Resume suspended LUKS device."
msgstr "Geschorst LUKS-apparaat hervatten."
#: src/cryptsetup.c:86
msgid "Backup LUKS device header and keyslots"
msgstr "Maak een reservekopie van LUKS-apparaatskopbestand en sleutelplaatsen"
#: src/cryptsetup.c:87
msgid "Restore LUKS device header and keyslots"
msgstr "Herstel LUKS-apparaatskopbestand en sleutelplaatsen"
#: src/cryptsetup.c:88
msgid "identical to luksKillSlot - DEPRECATED - see man page"
msgstr "identiek aan luksKillSlot - VEROUDERD - zie man-pagina"
#: src/cryptsetup.c:89
msgid "modify active device - DEPRECATED - see man page"
msgstr "actief apparaat wijzigen - VEROUDERD - zie man-pagina"
#: src/cryptsetup.c:180
msgid "Command successful.\n"
msgstr "Opdracht succesvol.\n"
#: src/cryptsetup.c:194
#, c-format
msgid "Command failed with code %i"
msgstr "Opdracht gefaald met code %i"
#: src/cryptsetup.c:222
msgid ""
"The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
"WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
msgstr ""
"De herlaadactie is verouderd. Gebruik “dmsetup reload” indien je deze functionaliteit echt nodig hebt.\n"
"LET OP: gebruik de herlaadactie niet om LUKS-apparaten te “touchen”. Indien je dat wil doen, typ nu Ctrl-C.\n"
#: src/cryptsetup.c:390
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Dit zal data op %s onherroepelijk overschrijven."
#: src/cryptsetup.c:391
msgid "memory allocation error in action_luksFormat"
msgstr "geheugentoewijzingsfout in action_luksFormat"
#: src/cryptsetup.c:421
msgid "Obsolete option --non-exclusive is ignored.\n"
msgstr "Verouderde optie --non-exclusive wordt genegeerd.\n"
#: src/cryptsetup.c:581 src/cryptsetup.c:603
msgid "Option --header-backup-file is required.\n"
msgstr "Optie --header-backup-file is vereist.\n"
#: src/cryptsetup.c:637
msgid ""
"\n"
"<action> is one of:\n"
msgstr ""
"\n"
"<actie> is een van:\n"
#: src/cryptsetup.c:643
#, c-format
msgid ""
"\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
"<key slot> is the LUKS key slot number to modify\n"
"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
"\n"
"<naam> is het apparaat aan te maken onder %s\n"
"<apparaat> is het versleutelde apparaat\n"
"<sleutelplaats> is het nummer van de te wijzigen LUKS-sleutelplaats\n"
"<sleutelbestand> optioneel sleutelbestand voor de nieuwe sleutel voor de luksAddKey-actie\n"
#: src/cryptsetup.c:650
#, c-format
msgid ""
"\n"
"Default compiled-in device cipher parameters:\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"
msgstr ""
"\n"
"Standaard meegecompileerde parameters van het apparaatsversleutelingsalgoritme:\n"
"\tplain: %s, Sleutel: %d bits, Wachtwoordhashing: %s\n"
"\tLUKS1: %s, Sleutel: %d bits, LUKS-kopteksthashing: %s\n"
#: src/cryptsetup.c:697
msgid "Show this help message"
msgstr "Deze helpboodschap tonen"
#: src/cryptsetup.c:698
msgid "Display brief usage"
msgstr "Kort gebruik tonen"
#: src/cryptsetup.c:702
msgid "Help options:"
msgstr "Helpopties:"
#: src/cryptsetup.c:703
msgid "Shows more detailed error messages"
msgstr "Toont meer gedetailleerde foutboodschappen"
#: src/cryptsetup.c:704
msgid "Show debug messages"
msgstr "Debugboodschappen tonen"
#: src/cryptsetup.c:705
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Het gebruikte versleutelalgoritme om de schijf te versleutelen (zie /proc/crypto)"
#: src/cryptsetup.c:706
msgid "The hash used to create the encryption key from the passphrase"
msgstr "De gebruikte hash om de encryptiesleutel uit het wachtwoord aan te maken"
#: src/cryptsetup.c:707
msgid "Verifies the passphrase by asking for it twice"
msgstr "Verifieert het wachtwoord door het twee keer te vragen"
#: src/cryptsetup.c:708
msgid "Read the key from a file (can be /dev/random)"
msgstr "De sleutel uit een bestand lezen (mag /dev/random zijn)"
#: src/cryptsetup.c:709
msgid "Read the volume (master) key from file."
msgstr "Lees de (hoofd)sleutel tot het opslagmedium uit een bestand."
#: src/cryptsetup.c:710
msgid "The size of the encryption key"
msgstr "De grootte van de encryptiesleutel"
#: src/cryptsetup.c:710
msgid "BITS"
msgstr "BITS"
#: src/cryptsetup.c:711
msgid "Slot number for new key (default is first free)"
msgstr "Plaatsnummer voor nieuwe sleutel (standaard is de eerste open plaats)"
#: src/cryptsetup.c:712
msgid "The size of the device"
msgstr "De grootte van het apparaat"
#: src/cryptsetup.c:712 src/cryptsetup.c:713 src/cryptsetup.c:714
#: src/cryptsetup.c:721
msgid "SECTORS"
msgstr "SECTOREN"
#: src/cryptsetup.c:713
msgid "The start offset in the backend device"
msgstr "De startplaats in het backend-apparaat"
#: src/cryptsetup.c:714
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Hoeveel sectoren van de versleutelde data aan het begin over te slaan"
#: src/cryptsetup.c:715
msgid "Create a readonly mapping"
msgstr "Maak een alleen-lezen toewijzing aan"
#: src/cryptsetup.c:716
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "PBKDF2 herhalingstijd voor LUKS (in ms)"
#: src/cryptsetup.c:716
msgid "msecs"
msgstr "milliseconden"
#: src/cryptsetup.c:717
msgid "Do not ask for confirmation"
msgstr "Niet om bevestiging vragen"
#: src/cryptsetup.c:718
msgid "Print package version"
msgstr "Pakketversie tonen"
#: src/cryptsetup.c:719
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Timeout voor interactieve wachtwoordprompt (in seconden)"
#: src/cryptsetup.c:719
msgid "secs"
msgstr "seconden"
#: src/cryptsetup.c:720
msgid "How often the input of the passphrase can be retried"
msgstr "Hoe vaak de invoering van het wachtwoord opnieuw geprobeerd kan worden"
#: src/cryptsetup.c:721
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Lijn payload uit op <n> sectorgrenzen - voor luksFormat"
#: src/cryptsetup.c:722
msgid "(Obsoleted, see man page.)"
msgstr "(Verouderd, zie man-pagina.)"
#: src/cryptsetup.c:723
msgid "File with LUKS header and keyslots backup."
msgstr "Bestand met reservekopie van LUKS-kopbestand en sleutelplaatsen."
#: src/cryptsetup.c:741
msgid "[OPTION...] <action> <action-specific>]"
msgstr "[OPTIE…] <actie> <actie-specifiek>]"
#: src/cryptsetup.c:777
msgid "Key size must be a multiple of 8 bits"
msgstr "Sleutelgrootte moet een meervoud zijn van 8 bits"
#: src/cryptsetup.c:781
msgid "Argument <action> missing."
msgstr "Argument <actie> ontbreekt."
#: src/cryptsetup.c:787
msgid "Unknown action."
msgstr "Onbekende actie."
#: src/cryptsetup.c:802
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: vereist %s als argumenten"
#~ msgid "%s is not LUKS device.\n"
#~ msgstr "%s is geen LUKS-apparaat.\n"
#~ msgid "%s is not LUKS device."
#~ msgstr "%s is geen LUKS-apparaat."

766
po/sv.po
View File

@@ -1,650 +1,210 @@
# Swedish translation for cryptsetup.
# Copyright (C) 2009 Free Software Foundation, Inc.
# Copyright (C) 2007 Free Software Foundation, Inc.
# This file is distributed under the same license as the cryptsetup package.
# Daniel Nylander <po@danielnylander.se>, 2009.
# Daniel Nylander <po@danielnylander.se>, 2007.
#
msgid ""
msgstr ""
"Project-Id-Version: cryptsetup 1.1.0-rc4\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
"POT-Creation-Date: 2009-12-30 20:09+0100\n"
"PO-Revision-Date: 2010-01-08 11:37+0100\n"
"Project-Id-Version: cryptsetup\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2009-01-13 20:50+0100\n"
"PO-Revision-Date: 2007-09-29 20:44+0100\n"
"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: lib/libdevmapper.c:48
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Kan inte initiera device-mapper. Är kärnmodulen dm_mod inläst?\n"
#: lib/setup.c:690
msgid ""
"This is the last keyslot. Device will become unusable after purging this key."
msgstr ""
"Det här är sista nyckelplatsen. Enheten kommer att bli oanvändbar efter att "
"denna nyckel tagits bort."
#: lib/libdevmapper.c:304
#: luks/keyencryption.c:70
#, c-format
msgid "DM-UUID for device %s was truncated.\n"
msgstr "DM-UUID för enheten %s förkortades.\n"
msgid "Unable to obtain sector size for %s"
msgstr "Kunde inte få sektorstorlek för %s"
#: lib/setup.c:103
#: luks/keyencryption.c:132
msgid "Failed to obtain device mapper directory."
msgstr "Misslyckades med att få katalog för enhetsmappare."
#: luks/keymanage.c:89
#, c-format
msgid "Cannot not read %d bytes from key file %s.\n"
msgstr "Kan inte läsa %d byte från nyckelfilen %s.\n"
msgid "Can't open device: %s\n"
msgstr "Kan inte öppna enhet: %s\n"
#: lib/setup.c:115
msgid "Key processing error.\n"
msgstr "Fel vid nyckelbehandling.\n"
#: lib/setup.c:169
msgid "All key slots full.\n"
msgstr "Alla nyckelplatser är upptagna.\n"
#: lib/setup.c:176 lib/setup.c:304 lib/setup.c:778
#: luks/keymanage.c:96
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "Nyckelplats %d är ogiltig. Välj mellan 0 och %d.\n"
msgid "%s is not a LUKS partition\n"
msgstr "%s är inte en LUKS-partition\n"
#: lib/setup.c:182
#, c-format
msgid "Key slot %d is full, please select another one.\n"
msgstr "Nyckelplats %d är full. Välj en annan.\n"
#: luks/keymanage.c:99
#, fuzzy
msgid "unknown hash spec in phdr\n"
msgstr "okänd hash angiven i phdr"
#: lib/setup.c:201
msgid "Enter any remaining LUKS passphrase: "
msgstr "Ange eventuell återstående LUKS-lösenfras: "
#: luks/keymanage.c:102
#, fuzzy, c-format
msgid "unknown LUKS version %d\n"
msgstr "okänd version %d\n"
#: lib/setup.c:222
#, c-format
msgid "Key slot %d verified.\n"
msgstr "Nyckelplats %d har verifierats.\n"
#: luks/keymanage.c:130 luks/keymanage.c:412
#, fuzzy, c-format
msgid "Can't open device %s"
msgstr "Kan inte öppna enhet: %s\n"
#: lib/setup.c:257
#, c-format
msgid "Cannot get info about device %s.\n"
msgstr "Kan inte hämta information om enheten %s.\n"
#: luks/keymanage.c:220
#, fuzzy, c-format
msgid "key %d active, purge first"
msgstr "nyckel %d är aktiv, ta bort först.\n"
#: lib/setup.c:264
#, c-format
msgid "Device %s has zero size.\n"
msgstr "Enheten %s har noll storlek.\n"
#: luks/keymanage.c:225
#, fuzzy, c-format
msgid "key material section %d includes too few stripes. Header manipulation?"
msgstr "nyckelmaterialsektion %d inkluderar för få delar. Manipulerat huvud?\n"
#: lib/setup.c:268
#, c-format
msgid "Device %s is too small.\n"
msgstr "Enheten %s är för liten.\n"
#: lib/setup.c:293
msgid "Enter LUKS passphrase to be deleted: "
msgstr "Ange LUKS-lösenfras att ta bort: "
#: lib/setup.c:299
#, c-format
msgid "key slot %d selected for deletion.\n"
msgstr "nyckeplats %d markerad för borttagning.\n"
#: lib/setup.c:310
#: luks/keymanage.c:447
#, c-format
msgid "Key %d not active. Can't wipe.\n"
msgstr "Nyckel %d är inte aktiv. Kan inte rensa.\n"
#: lib/setup.c:316
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Detta är sista nyckelplatsen. Enheten kommer att bli oanvändbar efter att denna nyckel tagits bort."
#: luks/keymanage.c:492
#, fuzzy, c-format
msgid "Can't open device for %s%saccess: %s\n"
msgstr "Kan inte öppna enhet: %s\n"
#: lib/setup.c:364 lib/setup.c:1651 lib/setup.c:1704 lib/setup.c:1761
#, c-format
msgid "Device %s already exists.\n"
msgstr "Enheten %s finns redan.\n"
#: lib/setup.c:369
#, c-format
msgid "Invalid key size %d.\n"
msgstr "Ogiltig nyckelstorlek %d.\n"
#: lib/setup.c:471 lib/setup.c:1656
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Ange lösenfras för %s: "
#: lib/setup.c:600 lib/setup.c:628 lib/setup.c:1365 lib/setup.c:1712
msgid "Enter passphrase: "
msgstr "Ange lösenfras: "
#: lib/setup.c:661 lib/setup.c:1040 lib/setup.c:1803
#, c-format
msgid "Device %s is not active.\n"
msgstr "Enheten %s är inte aktiv.\n"
#: lib/setup.c:770
msgid "No known cipher specification pattern detected.\n"
msgstr "Inget känt chifferspecifikationsmönster kunde identifieras.\n"
#: lib/setup.c:784
msgid "Enter LUKS passphrase: "
msgstr "Ange LUKS-lösenfras: "
#: lib/setup.c:1060
msgid "Invalid plain crypt parameters.\n"
msgstr "Ogiltiga parametrar för vanlig kryptering.\n"
#: lib/setup.c:1065
msgid "Invalid key size.\n"
msgstr "Ogiltig nyckelstorlek.\n"
#: lib/setup.c:1097
msgid "Can't format LUKS without device.\n"
msgstr "Kan inte formatera LUKS utan enhet.\n"
#: lib/setup.c:1112
#, c-format
msgid "Can't wipe header on device %s.\n"
msgstr "Kan inte rensa huvudet på enheten %s.\n"
#: lib/setup.c:1154
#, c-format
msgid "Unknown crypt device type %s requested.\n"
msgstr "Okänd typ av krypteringsenhet %s begärd.\n"
#: lib/setup.c:1187
msgid "Cannot initialize crypto backend.\n"
msgstr "Kan inte initiera krypteringsbakände.\n"
#: lib/setup.c:1261
#, c-format
msgid "Volume %s is not active.\n"
msgstr "Volymen %s är inte aktiv.\n"
#: lib/setup.c:1274
#, c-format
msgid "Volume %s is already suspended.\n"
msgstr "Volymen %s är redan i vänteläge.\n"
#: lib/setup.c:1300 lib/setup.c:1347 lib/setup.c:1406 lib/setup.c:1484
#: lib/setup.c:1556 lib/setup.c:1601 lib/setup.c:1695 lib/setup.c:1752
#: lib/setup.c:1873 lib/setup.c:1956 lib/setup.c:2056
msgid "This operation is supported only for LUKS device.\n"
msgstr "Denna åtgärd stöds endast för LUKS-enheter.\n"
#: lib/setup.c:1311 lib/setup.c:1358
#, c-format
msgid "Volume %s is not suspended.\n"
msgstr "Volymen %s är inte i vänteläge.\n"
#: lib/setup.c:1420 lib/setup.c:1498
msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Kan inte lägga till nyckelplats. Alla platser är inaktiverade och ingen volymnyckel har angivits.\n"
#: lib/setup.c:1429 lib/setup.c:1504 lib/setup.c:1507
msgid "Enter any passphrase: "
msgstr "Ange valfri lösenfras: "
#: lib/setup.c:1448 lib/setup.c:1522 lib/setup.c:1526 lib/setup.c:1579
msgid "Enter new passphrase for key slot: "
msgstr "Ange ny lösenfras för nyckelplats: "
#: lib/setup.c:1570 lib/setup.c:1772 lib/setup.c:1884
msgid "Volume key does not match the volume.\n"
msgstr "Volymnyckeln stämmer inte överens med volymen.\n"
#: lib/setup.c:1607
#, c-format
msgid "Key slot %d is invalid.\n"
msgstr "Nyckelplats %d är ogiltig.\n"
#: lib/setup.c:1612
#, c-format
msgid "Key slot %d is not used.\n"
msgstr "Nyckelplats %d används inte.\n"
#: lib/setup.c:1799
#, c-format
msgid "Device %s is busy.\n"
msgstr "Enheten %s är upptagen.\n"
#: lib/setup.c:1807
#, c-format
msgid "Invalid device %s.\n"
msgstr "Ogiltig enhet %s.\n"
#: lib/setup.c:1831
msgid "Volume key buffer too small.\n"
msgstr "Buffert för volymnyckel är för liten.\n"
#: lib/setup.c:1839
msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Kan inte hämta volymnyckel för vanlig enhet.\n"
#: lib/setup.c:1861
#, c-format
msgid "This operation is not supported for %s crypt device.\n"
msgstr "Denna åtgärd stöds inte för krypteringsenheter av typen %s.\n"
#: lib/utils.c:416
#, c-format
msgid "Failed to open key file %s.\n"
msgstr "Misslyckades med att öppna nyckelfilen %s.\n"
#: lib/utils.c:436
msgid "Error reading passphrase from terminal.\n"
msgstr "Fel vid läsning av lösenfras från terminal.\n"
#: lib/utils.c:441
msgid "Verify passphrase: "
msgstr "Verifiera lösenfras: "
#: lib/utils.c:443
msgid "Passphrases do not match.\n"
msgstr "Lösenfraserna stämmer inte överens.\n"
#: lib/utils.c:458
msgid "Can't do passphrase verification on non-tty inputs.\n"
msgstr "Kan inte verifiera lösenfras på icke-tty-ingångar.\n"
#: lib/utils.c:471
#, c-format
msgid "Failed to stat key file %s.\n"
msgstr "Misslyckades med att ta status på nyckelfilen %s.\n"
#: lib/utils.c:475
#, c-format
msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
msgstr "Varning: utförlig läsning begärd men nyckelfilen %s är inte en vanlig fil, funktionen kanske aldrig avslutas.\n"
#: lib/utils.c:487
msgid "Out of memory while reading passphrase.\n"
msgstr "Slut på minne vid läsning av lösenfras.\n"
#: lib/utils.c:494
msgid "Error reading passphrase.\n"
msgstr "Fel vid läsning av lösenfras.\n"
#: lib/utils.c:531
#, c-format
msgid "Device %s doesn't exist or access denied.\n"
msgstr "Enheten %s finns inte eller åtkomst nekas.\n"
#: lib/utils.c:538
#, c-format
msgid "Cannot open device %s for %s%s access.\n"
msgstr "Kan inte öppna enheten %s för %s%s åtkomst.\n"
#: lib/utils.c:539
#: luks/keymanage.c:492
msgid "exclusive "
msgstr "exklusiv"
#: lib/utils.c:540
msgid "writable"
msgstr "skrivbar"
#: lib/utils.c:540
msgid "read-only"
msgstr "skrivskyddad"
#: lib/utils.c:547
#, c-format
msgid "Cannot read device %s.\n"
msgstr "Kan inte läsa enheten %s.\n"
#: lib/utils.c:577
#, c-format
msgid "Cannot open device: %s\n"
msgstr "Kan inte öppna enheten: %s\n"
#: lib/utils.c:587
#, c-format
msgid "BLKROGET failed on device %s.\n"
msgstr "BLKROGET misslyckades på enheten %s.\n"
#: lib/utils.c:612
#, c-format
msgid "BLKGETSIZE failed on device %s.\n"
msgstr "BLKGETSIZE misslyckades på enheten %s.\n"
#: lib/utils.c:660
msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
msgstr "VARNING!!! Potentiellt osäkert minne. Är du root?\n"
#: lib/utils.c:666
msgid "Cannot get process priority.\n"
msgstr "Kan inte få processprioritet.\n"
#: lib/utils.c:669 lib/utils.c:682
#, c-format
msgid "setpriority %u failed: %s"
msgstr "setpriority %u misslyckades: %s"
#: lib/utils.c:680
msgid "Cannot unlock memory."
msgstr "Kan inte låsa upp minne."
#: luks/keyencryption.c:68
#, c-format
msgid "Unable to obtain sector size for %s"
msgstr "Kunde inte läsa av sektorstorlek för %s"
#: luks/keyencryption.c:137
msgid "Failed to obtain device mapper directory."
msgstr "Misslyckades med att läsa av katalog för enhetsmappning."
#: luks/keyencryption.c:153
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n"
"%s"
msgstr ""
"Misslyckades med att konfigurera nyckelmappning för dm-crypt för\n"
"enheten %s. Kontrollera att kärnan har stöd för chiffret %s\n"
"(kontrollera syslog för mer information).\n"
"%s"
#: luks/keyencryption.c:163
msgid "Failed to open temporary keystore device.\n"
msgstr "Misslyckades med att öppna temporär nyckellagringsenhet.\n"
#: luks/keyencryption.c:170
msgid "Failed to access temporary keystore device.\n"
msgstr "Misslyckades med att komma åt temporär nyckellagringsenhet.\n"
#: luks/keymanage.c:91
#, c-format
msgid "Requested file %s already exist.\n"
msgstr "Begärda filen %s finns redan.\n"
#: luks/keymanage.c:111
#, c-format
msgid "Device %s is not LUKS device.\n"
msgstr "Enheten %s är inte en LUKS-enhet.\n"
#: luks/keymanage.c:131
#, c-format
msgid "Cannot write header backup file %s.\n"
msgstr "Kan inte skriva säkerhetskopia för huvud %s.\n"
#: luks/keymanage.c:158
#, c-format
msgid "Backup file %s doesn't exist.\n"
msgstr "Säkerhetskopian %s finns inte.\n"
#: luks/keymanage.c:166
msgid "Backup file do not contain valid LUKS header.\n"
msgstr "Säkerhetskopian innehåller inte något giltigt LUKS-huvud.\n"
#: luks/keymanage.c:179
#, c-format
msgid "Cannot open header backup file %s.\n"
msgstr "Kan inte öppna säkerhetskopia för huvud %s.\n"
#: luks/keymanage.c:185
#, c-format
msgid "Cannot read header backup file %s.\n"
msgstr "Kan inte läsa säkerhetskopia för huvud %s.\n"
#: luks/keymanage.c:196
msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "Dataoffset eller nyckelstorlek skiljer sig på enhet och säkerhetskopia. Återställningen misslyckades.\n"
#: luks/keymanage.c:204
#, c-format
msgid "Device %s %s%s"
msgstr "Enhet %s %s%s"
#: luks/keymanage.c:205
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "innehåller inget LUKS-huvud. Ersättning av huvud kan förstöra data på enheten."
#: luks/keymanage.c:206
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "innehåller redan LUKS-huvud. Ersättningen av huvud kommer att förstöra befintliga nyckelplatser."
#: luks/keymanage.c:207
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
#: luks/keymanage.c:492
msgid "writable "
msgstr ""
"\n"
"VARNING: verkligt enhetshuvud har annat UUID än säkerhetskopian!"
#: luks/keymanage.c:222 luks/keymanage.c:319 luks/keymanage.c:354
#, c-format
msgid "Cannot open device %s.\n"
msgstr "Kan inte öppna enheten %s.\n"
#: luks/keymanage.c:254
#, c-format
msgid "%s is not LUKS device.\n"
msgstr "%s är inte en LUKS-enhet.\n"
#: luks/keymanage.c:256
#, c-format
msgid "%s is not LUKS device."
msgstr "%s är inte en LUKS-enhet."
#: luks/keymanage.c:259
#, c-format
msgid "Unsupported LUKS version %d.\n"
msgstr "LUKS-versionen %d stöds inte.\n"
#: luks/keymanage.c:262
#, c-format
msgid "Requested LUKS hash %s is not supported.\n"
msgstr "Begärd LUKS-hash %s stöds inte.\n"
#: luks/keymanage.c:293
#, c-format
msgid "Cannot open file %s.\n"
msgstr "Kan inte öppna filen %s.\n"
#: luks/keymanage.c:331
#, c-format
msgid "LUKS header detected but device %s is too small.\n"
msgstr "LUKS-huvud identifierat men enheten %s är för liten.\n"
#: luks/keymanage.c:375
#, c-format
msgid "Error during update of LUKS header on device %s.\n"
msgstr "Fel vid uppdatering av LUKS-huvud på enheten %s.\n"
#: luks/keymanage.c:382
#, c-format
msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Fel vid omläsning av LUKS-huvud efter uppdatering på enheten %s.\n"
#: luks/keymanage.c:394
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Ej kompatibla PBKDF2-flaggor (använder hash-algoritmen %s)."
#: luks/keymanage.c:439
msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "Kan inte skapa LUKS-huvud: läsning av slumpmässigt salt misslyckades.\n"
#: luks/keymanage.c:456
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "Kan inte skapa LUKS-huvud: huvudsammanfattning misslyckades (använder hashen %s).\n"
#: luks/keymanage.c:473
msgid "Wrong UUID format provided, generating new one.\n"
msgstr "Felaktigt UUID-format angavs, genererar ny.\n"
#: luks/keymanage.c:500
#, c-format
msgid "Key slot %d active, purge first.\n"
msgstr "Nyckelplats %d är aktiv, rensa först.\n"
#: luks/keymanage.c:505
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Nyckelplats %d material inkluderar för få stripes. Har huvudet manipulerats?\n"
#: luks/keymanage.c:564
msgid "Failed to write to key storage.\n"
msgstr "Misslyckades med att skriva till nyckellagring.\n"
#: luks/keymanage.c:641
msgid "Failed to read from key storage.\n"
msgstr "Misslyckades med att läsa från nyckellagring.\n"
#: luks/keymanage.c:650
#, c-format
msgid "Key slot %d unlocked.\n"
msgstr "Nyckelplats %d är upplåst.\n"
#: luks/keymanage.c:683
msgid "No key available with this passphrase.\n"
msgstr "Ingen nyckel finns tillgänglig med denna lösenfras.\n"
#: luks/keymanage.c:760
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "Nyckelplats %d är ogiltig. Välj en nyckelplats mellan 0 och %d.\n"
#: luks/keymanage.c:772
#, c-format
msgid "Cannot wipe device %s.\n"
msgstr "Kan inte rensa enheten %s.\n"
#: src/cryptsetup.c:71 src/cryptsetup.c:89
#: src/cryptsetup.c:61 src/cryptsetup.c:75
msgid "<name> <device>"
msgstr "<namn> <enhet>"
#: src/cryptsetup.c:71
#: src/cryptsetup.c:61
msgid "create device"
msgstr "skapa enhet"
#: src/cryptsetup.c:72 src/cryptsetup.c:73 src/cryptsetup.c:74
#: src/cryptsetup.c:82
#: src/cryptsetup.c:62 src/cryptsetup.c:63 src/cryptsetup.c:64
#: src/cryptsetup.c:72
msgid "<name>"
msgstr "<namn>"
#: src/cryptsetup.c:72
#: src/cryptsetup.c:62
msgid "remove device"
msgstr "ta bort enhet"
#: src/cryptsetup.c:73
#: src/cryptsetup.c:63
msgid "resize active device"
msgstr "ändra storlek på aktiv enhet"
#: src/cryptsetup.c:74
#: src/cryptsetup.c:64
msgid "show device status"
msgstr "visa enhetsstatus"
#: src/cryptsetup.c:75 src/cryptsetup.c:77
#: src/cryptsetup.c:65 src/cryptsetup.c:67
msgid "<device> [<new key file>]"
msgstr "<enhet> [<ny nyckelfil>]"
#: src/cryptsetup.c:75
#: src/cryptsetup.c:65
msgid "formats a LUKS device"
msgstr "formaterar en LUKS-enhet"
#: src/cryptsetup.c:76
#: src/cryptsetup.c:66
msgid "<device> <name> "
msgstr "<enhet> <namn> "
#: src/cryptsetup.c:76
#: src/cryptsetup.c:66
msgid "open LUKS device as mapping <name>"
msgstr "öppna LUKS-enhet som mappning <namn>"
#: src/cryptsetup.c:77
#: src/cryptsetup.c:67
msgid "add key to LUKS device"
msgstr "lägg till nyckel till LUKS-enhet"
#: src/cryptsetup.c:78
#: src/cryptsetup.c:68
#, fuzzy
msgid "<device> [<key file>]"
msgstr "<enhet> [<nyckelfil>]"
msgstr "<enhet> [<ny nyckelfil>]"
#: src/cryptsetup.c:78
#: src/cryptsetup.c:68
#, fuzzy
msgid "removes supplied key or key file from LUKS device"
msgstr "tar bort angiven nyckel eller nyckelfil från LUKS-enhet"
msgstr "rensar nyckeln med nummer <nyckelplats> från LUKS-enhet"
#: src/cryptsetup.c:79 src/cryptsetup.c:88
#: src/cryptsetup.c:69 src/cryptsetup.c:74
msgid "<device> <key slot>"
msgstr "<enhet> <nyckelplats>"
#: src/cryptsetup.c:79
#: src/cryptsetup.c:69
msgid "wipes key with number <key slot> from LUKS device"
msgstr "rensar nyckeln med nummer <nyckelplats> från LUKS-enhet"
#: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
#: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
#: src/cryptsetup.c:87
#: src/cryptsetup.c:70 src/cryptsetup.c:71 src/cryptsetup.c:73
msgid "<device>"
msgstr "<enhet>"
#: src/cryptsetup.c:80
#: src/cryptsetup.c:70
msgid "print UUID of LUKS device"
msgstr "skriv ut UUID för LUKS-enhet"
#: src/cryptsetup.c:81
#: src/cryptsetup.c:71
msgid "tests <device> for LUKS partition header"
msgstr "testar <enhet> för LUKS-partitionshuvud"
#: src/cryptsetup.c:82
#: src/cryptsetup.c:72
msgid "remove LUKS mapping"
msgstr "ta bort LUKS-mappning"
#: src/cryptsetup.c:83
#: src/cryptsetup.c:73
msgid "dump LUKS partition information"
msgstr "skriver ut information om LUKS-partition"
msgstr "skriv ut information om LUKS-partition"
#: src/cryptsetup.c:84
msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
msgstr "Försätt LUKS-enhet i vänteläge och rensa nyckel (alla in-/ut-åtgärder är frusna)."
#: src/cryptsetup.c:85
msgid "Resume suspended LUKS device."
msgstr "Återuppta LUKS-enhet i vänteläge."
#: src/cryptsetup.c:86
msgid "Backup LUKS device header and keyslots"
msgstr "Säkerhetskopiera huvud och nyckelplatser från LUKS-enhet"
#: src/cryptsetup.c:87
msgid "Restore LUKS device header and keyslots"
msgstr "Återställ huvud och nyckelplatser för LUKS-enhet"
#: src/cryptsetup.c:88
#: src/cryptsetup.c:74
msgid "identical to luksKillSlot - DEPRECATED - see man page"
msgstr "identisk med luksKillSlot - FÖRÅLDRAD - se manualsida"
msgstr ""
#: src/cryptsetup.c:89
#: src/cryptsetup.c:75
msgid "modify active device - DEPRECATED - see man page"
msgstr "ändra aktiv enhet - FÖRÅLDRAD - se manualsida"
msgstr ""
#: src/cryptsetup.c:180
#: src/cryptsetup.c:125
#, c-format
msgid "Command successful.\n"
msgstr "Kommandot lyckades.\n"
#: src/cryptsetup.c:194
#: src/cryptsetup.c:138
#, c-format
msgid "Command failed with code %i"
msgstr "Kommandot misslyckades med kod %i"
msgid "Command failed"
msgstr "Kommandot misslyckades"
#: src/cryptsetup.c:222
#: src/cryptsetup.c:168
#, c-format
msgid ""
"The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
"WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
"The reload action is deprecated. Please use \"dmsetup reload\" in case you "
"really need this functionality.\n"
"WARNING: do not use reload to touch LUKS devices. If that is the case, hit "
"Ctrl-C now.\n"
msgstr ""
"Omläsningsåtgärden är föråldrad. Använd \"dmsetup reload\" om du verkligen behöver denna funktion.\n"
"VARNING: använd inte omläsning för \"touch\" på LUKS-enheter. Om så är fallet, tryck Ctrl-C nu.\n"
#: src/cryptsetup.c:390
#: src/cryptsetup.c:267
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Detta kommer att skriva över data på %s och går inte att ångra."
msgstr "Det här kommer att skriva över data permanent på %s."
#: src/cryptsetup.c:391
#: src/cryptsetup.c:268
msgid "memory allocation error in action_luksFormat"
msgstr "minnesallokeringsfel i action_luksFormat"
#: src/cryptsetup.c:421
msgid "Obsolete option --non-exclusive is ignored.\n"
msgstr "Föråldrad flagga --non-exclusive ignoreras.\n"
#: src/cryptsetup.c:581 src/cryptsetup.c:603
msgid "Option --header-backup-file is required.\n"
msgstr "Flaggan --header-backup-file krävs.\n"
#: src/cryptsetup.c:637
#: src/cryptsetup.c:418
#, c-format
msgid ""
"\n"
"<action> is one of:\n"
@@ -652,7 +212,7 @@ msgstr ""
"\n"
"<åtgärd> är en av:\n"
#: src/cryptsetup.c:643
#: src/cryptsetup.c:424
#, c-format
msgid ""
"\n"
@@ -664,152 +224,134 @@ msgstr ""
"\n"
"<namn> är enheten att skapa under %s\n"
"<enhet> är den krypterade enheten\n"
"<nyckelplats> är numret för LUKS-nyckelplatsen att ändra\n"
"<nyckelfil> valfri nyckelfil för den nya nyckeln för luksAddKey-åtgärden\n"
"<nyckelplats> är LUKS-nyckelplatsens nummer att ändra\n"
"<nyckelfil> valfri nyckelfil för den nya nyckeln för luksAddKey-åtgärd\n"
#: src/cryptsetup.c:650
#, c-format
msgid ""
"\n"
"Default compiled-in device cipher parameters:\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"
msgstr ""
"\n"
"Inkompilerade standardchifferparametrar för enheter:\n"
"\tplain: %s, Nyckel: %d bitar, Lösenordshashning: %s\n"
"\tLUKS1: %s, Nyckel: %d bitar, LUKS header-hashning: %s\n"
#: src/cryptsetup.c:697
#: src/cryptsetup.c:440
msgid "Show this help message"
msgstr "Visa detta hjälpmeddelande"
msgstr "Visa det här hjälpmeddelandet"
#: src/cryptsetup.c:698
#: src/cryptsetup.c:441
msgid "Display brief usage"
msgstr "Visa kort information om användning"
#: src/cryptsetup.c:702
#: src/cryptsetup.c:445
msgid "Help options:"
msgstr "Hjälpflaggor:"
#: src/cryptsetup.c:703
#: src/cryptsetup.c:446
msgid "Shows more detailed error messages"
msgstr "Visar mer detaljerade felmeddelanden"
#: src/cryptsetup.c:704
msgid "Show debug messages"
msgstr "Visa felsökningsmeddelanden"
#: src/cryptsetup.c:705
#: src/cryptsetup.c:447
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Chiffret som används för att kryptera disken (se /proc/crypto)"
#: src/cryptsetup.c:706
#: src/cryptsetup.c:448
msgid "The hash used to create the encryption key from the passphrase"
msgstr "Hashen som används för att skapa krypteringsnyckel från lösenfras"
msgstr "Hashen som används för att skapa krypteringsnyckeln från lösenfrasen"
#: src/cryptsetup.c:707
#: src/cryptsetup.c:449
msgid "Verifies the passphrase by asking for it twice"
msgstr "Verifierar lösenfrasen genom att fråga efter den två gånger"
#: src/cryptsetup.c:708
#: src/cryptsetup.c:450
msgid "Read the key from a file (can be /dev/random)"
msgstr "Läs nyckeln från en fil (kan vara /dev/random)"
#: src/cryptsetup.c:709
msgid "Read the volume (master) key from file."
msgstr "Läs volymnyckeln (master) från fil."
#: src/cryptsetup.c:710
#: src/cryptsetup.c:451
msgid "The size of the encryption key"
msgstr "Storleken för krypteringsnyckeln"
msgstr "Storleken krypteringsnyckeln"
#: src/cryptsetup.c:710
#: src/cryptsetup.c:451
msgid "BITS"
msgstr "BITAR"
#: src/cryptsetup.c:711
#: src/cryptsetup.c:452
msgid "Slot number for new key (default is first free)"
msgstr "Platsnummer för ny nyckel (standard är första lediga)"
msgstr ""
#: src/cryptsetup.c:712
#: src/cryptsetup.c:453
msgid "The size of the device"
msgstr "Storleken för enheten"
msgstr "Storleken enheten"
#: src/cryptsetup.c:712 src/cryptsetup.c:713 src/cryptsetup.c:714
#: src/cryptsetup.c:722
#: src/cryptsetup.c:453 src/cryptsetup.c:454 src/cryptsetup.c:455
#: src/cryptsetup.c:463
msgid "SECTORS"
msgstr "SEKTORER"
#: src/cryptsetup.c:713
#: src/cryptsetup.c:454
msgid "The start offset in the backend device"
msgstr "Startoffset i bakändesenheten"
msgstr "Startpositionen i bakändesenheten"
#: src/cryptsetup.c:714
#: src/cryptsetup.c:455
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Hur många sektorer av krypterat data som ska hoppas över i början"
msgstr ""
"Hur många sektorer av det krypterade datat som ska hoppas över i början"
#: src/cryptsetup.c:715
#: src/cryptsetup.c:456
msgid "Create a readonly mapping"
msgstr "Skapa en skrivskyddad mappning"
#: src/cryptsetup.c:716
#: src/cryptsetup.c:457
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "PBKDF2-iterationstid för LUKS (i ms)"
#: src/cryptsetup.c:717
#: src/cryptsetup.c:458
msgid "msecs"
msgstr "ms"
#: src/cryptsetup.c:718
#: src/cryptsetup.c:459
msgid "Do not ask for confirmation"
msgstr "Fråga inte efter bekräftelse"
#: src/cryptsetup.c:719
#: src/cryptsetup.c:460
msgid "Print package version"
msgstr "Skriv ut paketversion"
#: src/cryptsetup.c:720
#: src/cryptsetup.c:461
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Tidsgräns för interaktiv lösenfrasprompt (i sekunder)"
msgstr "Tidsgräns för interaktiv prompt för lösenfras (i sekunder)"
#: src/cryptsetup.c:720
#: src/cryptsetup.c:461
msgid "secs"
msgstr "s"
msgstr "sekunder"
#: src/cryptsetup.c:721
#: src/cryptsetup.c:462
msgid "How often the input of the passphrase can be retried"
msgstr "Hur många inmatningsförsök av lösenfrasen som kan göras"
msgstr "Hur ofta inmatning av lösenfras kan upprepas"
#: src/cryptsetup.c:722
#: src/cryptsetup.c:463
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Justera nyttolast i <n> sektorgränser - för luksFormat"
msgstr "Justera data i <n> sektorgränser - för luksFormat"
#: src/cryptsetup.c:723
msgid "(Obsoleted, see man page.)"
msgstr "(Föråldrad, se manualsida)"
#: src/cryptsetup.c:464
msgid "Allows non-exclusive access for luksOpen, WARNING see manpage."
msgstr ""
#: src/cryptsetup.c:724
msgid "File with LUKS header and keyslots backup."
msgstr "Fil med säkerhetskopior av LUKS-huvud och nyckelplatser."
#: src/cryptsetup.c:742
#: src/cryptsetup.c:480
msgid "[OPTION...] <action> <action-specific>]"
msgstr "[FLAGGA...] <åtgärd> <åtgärdsspecifik>]"
#: src/cryptsetup.c:778
#: src/cryptsetup.c:516
msgid "Key size must be a multiple of 8 bits"
msgstr "Nyckelstorlek måste vara en multipel av 8 bitar"
msgstr "Nyckelstorleken måste vara en multipel av 8 bitar"
#: src/cryptsetup.c:782
#: src/cryptsetup.c:520
msgid "Argument <action> missing."
msgstr "Argumentet <åtgärd> saknas."
#: src/cryptsetup.c:788
#: src/cryptsetup.c:526
msgid "Unknown action."
msgstr "Okänd åtgärd."
#: src/cryptsetup.c:803
#: src/cryptsetup.c:541
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: kräver %s som argument"
#~ msgid "modify active device"
#~ msgstr "ändra aktiv enhet"
#~ msgid "key %d is disabled.\n"
#~ msgstr "nyckel %d är inaktiverad.\n"

818
po/vi.po
View File

@@ -1,818 +0,0 @@
# Vietnamese translation for CryptSetup.
# Copyright © 2010 Free Software Foundation, Inc.
# This file is distributed under the same license as the cryptsetup package.
# Clytie Siddall <clytie@riverland.net.au>, 2010.
#
msgid ""
msgstr ""
"Project-Id-Version: cryptsetup 1.1.1-rc1\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
"POT-Creation-Date: 2010-05-01 16:21+0200\n"
"PO-Revision-Date: 2010-05-03 18:14+0930\n"
"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Generator: LocFactoryEditor 1.8\n"
#: lib/libdevmapper.c:105
msgid "Cannot find compatible device-mapper kernel modules.\n"
msgstr "Không tìm thấy mô-đun hạt nhân ánh xạ thiết bị tương thích.\n"
#: lib/libdevmapper.c:111
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Không thể sơ khởi tiến trình ánh xạ thiết bị. Mô-đun hạt nhân « dm_mod » được nạp chưa?\n"
#: lib/libdevmapper.c:408
#, c-format
msgid "DM-UUID for device %s was truncated.\n"
msgstr "Mã số DM-UUID cho thiết bị %s bị cắt bớt.\n"
#: lib/setup.c:103
#, c-format
msgid "Cannot not read %d bytes from key file %s.\n"
msgstr "Không thể đọc %d byte từ tập tin khoá %s.\n"
#: lib/setup.c:115
#, c-format
msgid "Key processing error (using hash algorithm %s).\n"
msgstr "Lỗi xử lý khoá (dùng thuật toán chuỗi duy nhất %s).\n"
#: lib/setup.c:170
msgid "All key slots full.\n"
msgstr "Mọi khe khoá đều bị đầy.\n"
#: lib/setup.c:177 lib/setup.c:305 lib/setup.c:779
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "Khe khoá %d không đúng, hãy chọn một giá trị trong phạm vi 0 đến %d.\n"
#: lib/setup.c:183
#, c-format
msgid "Key slot %d is full, please select another one.\n"
msgstr "Khe khoá %d bị đầy, hãy chọn một khe khác.\n"
#: lib/setup.c:202
msgid "Enter any remaining LUKS passphrase: "
msgstr "Gõ cụm từ mật khẩu LUKS nào còn lại:"
#: lib/setup.c:223
#, c-format
msgid "Key slot %d verified.\n"
msgstr "Khe khoá %d được thẩm định.\n"
#: lib/setup.c:258
#, c-format
msgid "Cannot get info about device %s.\n"
msgstr "Không thể lấy thông tin về thiết bị %s.\n"
#: lib/setup.c:265
#, c-format
msgid "Device %s has zero size.\n"
msgstr "Thiết bị %s có kích cỡ số không.\n"
#: lib/setup.c:269
#, c-format
msgid "Device %s is too small.\n"
msgstr "Thiết bị %s có kích cỡ quá nhỏ.\n"
#: lib/setup.c:294
msgid "Enter LUKS passphrase to be deleted: "
msgstr "Gõ cụm từ mật khẩu LUKS cần xoá:"
#: lib/setup.c:300
#, c-format
msgid "key slot %d selected for deletion.\n"
msgstr "khe khoá %d được chọn để xoá.\n"
#: lib/setup.c:311
#, c-format
msgid "Key %d not active. Can't wipe.\n"
msgstr "Khoá %d không hoạt động thì không xoá được.\n"
#: lib/setup.c:317
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Đây là khe khoá cuối cùng. Sau khi tẩy khoá này thì thiết bị không dùng được."
#: lib/setup.c:365 lib/setup.c:1687 lib/setup.c:1740 lib/setup.c:1797
#, c-format
msgid "Device %s already exists.\n"
msgstr "Thiết bị %s đã có.\n"
#: lib/setup.c:370
#, c-format
msgid "Invalid key size %d.\n"
msgstr "Kích cỡ khoá không đúng %d.\n"
#: lib/setup.c:472 lib/setup.c:1692
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Gõ cụm từ mật khẩu cho %s: "
#: lib/setup.c:601 lib/setup.c:629 lib/setup.c:1401 lib/setup.c:1748
msgid "Enter passphrase: "
msgstr "Gõ cụm từ mật khẩu: "
#: lib/setup.c:662 lib/setup.c:1046 lib/setup.c:1839
#, c-format
msgid "Device %s is not active.\n"
msgstr "Thiết bị %s không hoạt động.\n"
#: lib/setup.c:771
msgid "No known cipher specification pattern detected.\n"
msgstr "Không phát hiện mẫu chỉ thị mật mã đã biết.\n"
#: lib/setup.c:785
msgid "Enter LUKS passphrase: "
msgstr "Gõ cụm từ mật khẩu LUKS: "
#: lib/setup.c:926 lib/setup.c:1153 lib/setup.c:1207 lib/setup.c:1232
#: lib/setup.c:1251
msgid "Cannot initialize crypto backend.\n"
msgstr "Không thể sơ khởi hậu phương mật mã.\n"
#: lib/setup.c:1066
msgid "Invalid plain crypt parameters.\n"
msgstr "Sai lập tham số mật mã bình thường.\n"
#: lib/setup.c:1071
msgid "Invalid key size.\n"
msgstr "Kích cỡ khoá không đúng.\n"
#: lib/setup.c:1104
msgid "Can't format LUKS without device.\n"
msgstr "Không thể định dạng LUKS mà không có thiết bị.\n"
#: lib/setup.c:1126
#, c-format
msgid "Can't wipe header on device %s.\n"
msgstr "Không thể xoá phần đầu trên thiết bị %s.\n"
#: lib/setup.c:1174
#, c-format
msgid "Unknown crypt device type %s requested.\n"
msgstr "Không rõ kiểu thiết bị mật mã %s được yêu cầu.\n"
#: lib/setup.c:1293
#, c-format
msgid "Volume %s is not active.\n"
msgstr "Khối tin %s không hoạt động.\n"
#: lib/setup.c:1306
#, c-format
msgid "Volume %s is already suspended.\n"
msgstr "Khối %s đã bị ngưng.\n"
#: lib/setup.c:1334 lib/setup.c:1383 lib/setup.c:1442 lib/setup.c:1520
#: lib/setup.c:1592 lib/setup.c:1637 lib/setup.c:1731 lib/setup.c:1788
#: lib/setup.c:1909 lib/setup.c:1992 lib/setup.c:2092
msgid "This operation is supported only for LUKS device.\n"
msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n"
#: lib/setup.c:1345 lib/setup.c:1394
#, c-format
msgid "Volume %s is not suspended.\n"
msgstr "Khối %s không bị ngưng.\n"
#: lib/setup.c:1456 lib/setup.c:1534
msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Không thể thêm khe khoá vì mọi khe đều bị tắt và không cung cấp khoá khối tin.\n"
#: lib/setup.c:1465 lib/setup.c:1540 lib/setup.c:1543
msgid "Enter any passphrase: "
msgstr "Gõ bất cứ cụm từ mật khẩu nào: "
#: lib/setup.c:1484 lib/setup.c:1558 lib/setup.c:1562 lib/setup.c:1615
msgid "Enter new passphrase for key slot: "
msgstr "Gõ cụm từ mật khẩu mới cho khe khoá: "
#: lib/setup.c:1606 lib/setup.c:1808 lib/setup.c:1920
msgid "Volume key does not match the volume.\n"
msgstr "Khoá khối tin không tương ứng với khối tin đó.\n"
#: lib/setup.c:1643
#, c-format
msgid "Key slot %d is invalid.\n"
msgstr "Khe khoá %d không đúng.\n"
#: lib/setup.c:1648
#, c-format
msgid "Key slot %d is not used.\n"
msgstr "Khe khoá %d không được dùng.\n"
#: lib/setup.c:1835
#, c-format
msgid "Device %s is busy.\n"
msgstr "Thiết bị %s đang bận.\n"
#: lib/setup.c:1843
#, c-format
msgid "Invalid device %s.\n"
msgstr "Thiết bị không đúng %s.\n"
#: lib/setup.c:1867
msgid "Volume key buffer too small.\n"
msgstr "Vùng đệm khoá khối tin quá nhỏ.\n"
#: lib/setup.c:1875
msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Không thể lấy khoá khối tin cho thiết bị bình thường.\n"
#: lib/setup.c:1897
#, c-format
msgid "This operation is not supported for %s crypt device.\n"
msgstr "Thao tác này không được hỗ trợ cho thiết bị mật mã %s.\n"
#: lib/utils.c:416
#, c-format
msgid "Failed to open key file %s.\n"
msgstr "Lỗi mở tập tin khoá %s.\n"
#: lib/utils.c:436
msgid "Error reading passphrase from terminal.\n"
msgstr "Gặp lỗi khi đọc cụm từ mật khẩu từ thiết bị cuối.\n"
#: lib/utils.c:441
msgid "Verify passphrase: "
msgstr "Thẩm tra cụm từ mật khẩu: "
#: lib/utils.c:443
msgid "Passphrases do not match.\n"
msgstr "Hai cụm từ mật khẩu không trùng nhau.\n"
#: lib/utils.c:458
msgid "Can't do passphrase verification on non-tty inputs.\n"
msgstr "Không thể thẩm tra cụm từ mật khẩu trên đầu vào khác TTY.\n"
#: lib/utils.c:471
#, c-format
msgid "Failed to stat key file %s.\n"
msgstr "Lỗi lấy trạng thái về tập tin khoá %s.\n"
#: lib/utils.c:475
#, c-format
msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
msgstr "Cảnh báo : yêu cầu một hàm đọc vét kiệt mà tập tin khoá %s không phải là một tập tin thông thường thì có thể là hàm chưa bao giờ trả lại.\n"
#: lib/utils.c:487
msgid "Out of memory while reading passphrase.\n"
msgstr "Tràn bộ nhớ trong khi đọc cụm từ mật khẩu.\n"
#: lib/utils.c:494
msgid "Error reading passphrase.\n"
msgstr "Lỗi đọc cụm từ mật khẩu.\n"
#: lib/utils.c:531
#, c-format
msgid "Device %s doesn't exist or access denied.\n"
msgstr "Thiết bị %s không tồn tại hoặc không đủ quyền truy cập.\n"
#: lib/utils.c:538
#, c-format
msgid "Cannot open device %s for %s%s access.\n"
msgstr "Không thể mở thiết bị %s cho truy cập %s%s.\n"
#: lib/utils.c:539
msgid "exclusive "
msgstr "dành riêng"
#: lib/utils.c:540
msgid "writable"
msgstr "ghi được"
#: lib/utils.c:540
msgid "read-only"
msgstr "chỉ đọc"
#: lib/utils.c:547
#, c-format
msgid "Cannot read device %s.\n"
msgstr "Không thể đọc thiết bị %s.\n"
#: lib/utils.c:577
#, c-format
msgid "Cannot open device: %s\n"
msgstr "Không thể mở thiết bị: %s\n"
#: lib/utils.c:587
#, c-format
msgid "BLKROGET failed on device %s.\n"
msgstr "BLKROGET bị lỗi trên thiết bị %s.\n"
#: lib/utils.c:612
#, c-format
msgid "BLKGETSIZE failed on device %s.\n"
msgstr "BLKGETSIZE bị lỗi trên thiết bị %s.\n"
#: lib/utils.c:660
msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
msgstr "CẢNH BÁO ! Có thể là vùng nhớ không an toàn. Bạn đang chạy dưới người chủ (root) không?\n"
#: lib/utils.c:666
msgid "Cannot get process priority.\n"
msgstr "Không thể lấy mức ưu tiên của tiến trình.\n"
#: lib/utils.c:669 lib/utils.c:682
#, c-format
msgid "setpriority %u failed: %s"
msgstr "setpriority %u bị lỗi: %s"
#: lib/utils.c:680
msgid "Cannot unlock memory."
msgstr "Không thể mở khoá vùng nhớ."
#: luks/keyencryption.c:68
#, c-format
msgid "Unable to obtain sector size for %s"
msgstr "Không thể lấy kích cỡ rãnh ghi cho %s"
#: luks/keyencryption.c:137
msgid "Failed to obtain device mapper directory."
msgstr "Lỗi lấy thư mục trình ánh xạ thiết bị."
#: luks/keyencryption.c:153
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n"
"%s"
msgstr ""
"Lỗi thiết lập chức năng ánh xạ khoá dm-crypt cho thiết bị %s.\n"
"Kiểm tra lại hạt nhân hỗ trợ mật mã %s\n"
"(xem sổ theo dõi hệ thống để tìm thêm thông tin.)\n"
"%s"
#: luks/keyencryption.c:163
msgid "Failed to open temporary keystore device.\n"
msgstr "Lỗi mở thiết bị lưu trữ khoá tạm thời.\n"
#: luks/keyencryption.c:170
msgid "Failed to access temporary keystore device.\n"
msgstr "Lỗi truy cập đến thiết bị lưu trữ khoá tạm thời.\n"
#: luks/keymanage.c:94
#, c-format
msgid "Requested file %s already exist.\n"
msgstr "Yêu cầu tập tin %s đã có.\n"
#: luks/keymanage.c:114 luks/keymanage.c:257
#, c-format
msgid "Device %s is not a valid LUKS device.\n"
msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n"
#: luks/keymanage.c:134
#, c-format
msgid "Cannot write header backup file %s.\n"
msgstr "Không thể ghi nhớ tập tin sao lưu phần đầu %s.\n"
#: luks/keymanage.c:161
#, c-format
msgid "Backup file %s doesn't exist.\n"
msgstr "Tập tin sao lưu %s không tồn tại.\n"
#: luks/keymanage.c:169
msgid "Backup file do not contain valid LUKS header.\n"
msgstr "Tập tin sao lưu không chứa phần đầu LUKS đúng.\n"
#: luks/keymanage.c:182
#, c-format
msgid "Cannot open header backup file %s.\n"
msgstr "Không mở được tập tin sao lưu phần đầu %s.\n"
#: luks/keymanage.c:188
#, c-format
msgid "Cannot read header backup file %s.\n"
msgstr "Không đọc được tập tin sao lưu phần đầu %s.\n"
#: luks/keymanage.c:199
msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "Khoảng bù dữ liệu hoặc kích cỡ khoá vẫn khác nhau trên thiết bị và bản sao lưu thì chức năng phục hồi bị lỗi.\n"
#: luks/keymanage.c:207
#, c-format
msgid "Device %s %s%s"
msgstr "Thiết bị %s %s%s"
#: luks/keymanage.c:208
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "không chứa phần đầu LUKS. Thay thế phần đầu thì cũng có thể hủy dữ liệu trên thiết bị đó."
#: luks/keymanage.c:209
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "đã chứa phần đầu LUKS. Thay thế phần đầu thì cũng hủy các khe khoá đã có."
#: luks/keymanage.c:210
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
msgstr ""
"\n"
"CẢNH BÁO: phần đầu thiết bị thật có mã số UUID khác với bản sao lưu !"
#: luks/keymanage.c:225 luks/keymanage.c:338 luks/keymanage.c:373
#, c-format
msgid "Cannot open device %s.\n"
msgstr "Không thể mở thiết bị %s.\n"
#: luks/keymanage.c:259
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng."
#: luks/keymanage.c:262
#, c-format
msgid "Unsupported LUKS version %d.\n"
msgstr "Phiên bản LUKS không được hỗ trợ %d.\n"
#: luks/keymanage.c:265
#, c-format
msgid "Requested LUKS hash %s is not supported.\n"
msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n"
#: luks/keymanage.c:310
#, c-format
msgid "Cannot open file %s.\n"
msgstr "Không thể mở tập tin %s.\n"
#: luks/keymanage.c:350
#, c-format
msgid "LUKS header detected but device %s is too small.\n"
msgstr "Phát hiện được phần đầu LUKS mà thiết bị %s quá nhỏ.\n"
#: luks/keymanage.c:394
#, c-format
msgid "Error during update of LUKS header on device %s.\n"
msgstr "Gặp lỗi trong khi cập nhật phần đầu LUKS trên thiết bị %s.\n"
#: luks/keymanage.c:401
#, c-format
msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Gặp lỗi trong khi đọc lại phần đầu LUKS sau khi cập nhật trên thiết bị %s.\n"
#: luks/keymanage.c:413
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n"
msgstr "Gặp các tuỳ chọn PBKDF2 không tương thích (dùng thuật toán chuỗi duy nhất %s).\n"
#: luks/keymanage.c:461
msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "Không thể tạo phần đầu LUKS: lỗi đọc salt ngẫu nhiên.\n"
#: luks/keymanage.c:478
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "Không thể tạo phần đầu LUKS: lỗi tạo bản tóm tắt (dùng chuỗi duy nhất %s).\n"
#: luks/keymanage.c:496
msgid "Wrong UUID format provided, generating new one.\n"
msgstr "Đưa ra định dạng mã số UUID không đúng nên tạo định dạng mới.\n"
#: luks/keymanage.c:523
#, c-format
msgid "Key slot %d active, purge first.\n"
msgstr "Khe khoá %d vẫn hoạt động: cần tẩy trước.\n"
#: luks/keymanage.c:528
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Nguyên liệu khe khoá %d gồm có quá ít sọc. Có nên thao tác phần đầu không?\n"
#: luks/keymanage.c:587
msgid "Failed to write to key storage.\n"
msgstr "Lỗi ghi khoá vào kho lưu khoá.\n"
#: luks/keymanage.c:664
msgid "Failed to read from key storage.\n"
msgstr "Lỗi đọc từ kho lưu khoá.\n"
#: luks/keymanage.c:673
#, c-format
msgid "Key slot %d unlocked.\n"
msgstr "Khe khoá %d được mở khoá.\n"
#: luks/keymanage.c:706
msgid "No key available with this passphrase.\n"
msgstr "Không có khoá sẵn sàng dùng với cụm từ mật khẩu này.\n"
#: luks/keymanage.c:783
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "Khe khoá %d không đúng: hãy chọn khe khoá trong phạm vi 0 đến %d.\n"
#: luks/keymanage.c:795
#, c-format
msgid "Cannot wipe device %s.\n"
msgstr "Không thể xoá thiết bị %s.\n"
#: src/cryptsetup.c:71 src/cryptsetup.c:89
msgid "<name> <device>"
msgstr "<tên> <thiết_bị>"
#: src/cryptsetup.c:71
msgid "create device"
msgstr "tạo thiết bị"
#: src/cryptsetup.c:72 src/cryptsetup.c:73 src/cryptsetup.c:74
#: src/cryptsetup.c:82
msgid "<name>"
msgstr "<tên>"
#: src/cryptsetup.c:72
msgid "remove device"
msgstr "gỡ bỏ thiết bị"
#: src/cryptsetup.c:73
msgid "resize active device"
msgstr "thay đổi kích cỡ của thiết bị hoạt động"
#: src/cryptsetup.c:74
msgid "show device status"
msgstr "hiển thị trạng thái về thiết bị"
#: src/cryptsetup.c:75 src/cryptsetup.c:77
msgid "<device> [<new key file>]"
msgstr "<thiết_bị> [<tập_tin_khoá_mới>]"
#: src/cryptsetup.c:75
msgid "formats a LUKS device"
msgstr "định dạng một thiết bị kiểu LUKS"
#: src/cryptsetup.c:76
msgid "<device> <name> "
msgstr "<thiết_bị> <tên> "
#: src/cryptsetup.c:76
msgid "open LUKS device as mapping <name>"
msgstr "mở thiết bị LUKS như là bản ánh xạ <tên>"
#: src/cryptsetup.c:77
msgid "add key to LUKS device"
msgstr "thêm khoá vào thiết bị LUKS"
#: src/cryptsetup.c:78
msgid "<device> [<key file>]"
msgstr "<thiết_bị> [<tập_tin_khoá>]"
#: src/cryptsetup.c:78
msgid "removes supplied key or key file from LUKS device"
msgstr "gỡ bỏ khỏi thiết bị LUKS khoá hoặc tập tin khoá đưa ra"
#: src/cryptsetup.c:79 src/cryptsetup.c:88
msgid "<device> <key slot>"
msgstr "<thiết_bị> <khe_khoá>"
#: src/cryptsetup.c:79
msgid "wipes key with number <key slot> from LUKS device"
msgstr "xoá khỏi thiết bị LUKS khoá có số <khe_khoá>"
#: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
#: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
#: src/cryptsetup.c:87
msgid "<device>"
msgstr "<thiết_bị>"
#: src/cryptsetup.c:80
msgid "print UUID of LUKS device"
msgstr "in ra mã số UUID của thiết bị LUKS"
#: src/cryptsetup.c:81
msgid "tests <device> for LUKS partition header"
msgstr "thử <thiết_bị> có phần đầu phân vùng LUKS không"
#: src/cryptsetup.c:82
msgid "remove LUKS mapping"
msgstr "gỡ bỏ sự ánh xạ LUKS"
#: src/cryptsetup.c:83
msgid "dump LUKS partition information"
msgstr "đổ thông tin về phân vùng LUKS"
#: src/cryptsetup.c:84
msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
msgstr "Ngưng thiết bị LUKS và xoá khoá (thì mọi việc V/R đều đông cứng)."
#: src/cryptsetup.c:85
msgid "Resume suspended LUKS device."
msgstr "Tiếp tục lại sử dụng thiết bị LUKS bị ngưng."
#: src/cryptsetup.c:86
msgid "Backup LUKS device header and keyslots"
msgstr "Sao lưu phần đầu và các khe khoá của thiết bị LUKS"
#: src/cryptsetup.c:87
msgid "Restore LUKS device header and keyslots"
msgstr "Phục hồi phần đầu và các khe khoá của thiết bị LUKS"
#: src/cryptsetup.c:88
msgid "identical to luksKillSlot - DEPRECATED - see man page"
msgstr "trùng với luksKillSlot - BỊ PHẢN ĐỐI - xem trang hướng dẫn"
#: src/cryptsetup.c:89
msgid "modify active device - DEPRECATED - see man page"
msgstr "sửa đổi thiết bị hoạt động - BỊ PHẢN ĐỐI - xem trang hướng dẫn"
#: src/cryptsetup.c:180
msgid "Command successful.\n"
msgstr "Câu lệnh đã chạy thành công.\n"
#: src/cryptsetup.c:194
#, c-format
msgid "Command failed with code %i"
msgstr "Câu lệnh đã thất bại với mã %i"
#: src/cryptsetup.c:222
msgid ""
"The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
"WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
msgstr ""
"Hành động nạp lại bị phản đối. Hãy sử dụng « dmsetup reload » trong trường hợp bạn thực sự yêu cầu chức năng này.\n"
"CẢNH BÁO : đừng sử dụng chức năng nạp lại để thao tác thiết bị kiểu LUKS. Trong trường hợp đó, bấm tổ hợp phím Ctrl-C ngay bây giờ.\n"
#: src/cryptsetup.c:390
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Hành động này sẽ ghi đè lên dữ liệu trên thiết bị %s một cách không phục hồi được."
#: src/cryptsetup.c:391
msgid "memory allocation error in action_luksFormat"
msgstr "gặp lỗi phân cấp vùng nhớ trong « action_luksFormat »"
#: src/cryptsetup.c:421
msgid "Obsolete option --non-exclusive is ignored.\n"
msgstr "Tuỳ chọn cũ « --non-exclusive » bị bỏ qua.\n"
#: src/cryptsetup.c:581 src/cryptsetup.c:603
msgid "Option --header-backup-file is required.\n"
msgstr "Tuỳ chọn « --header-backup-file » cũng cần thiết.\n"
#: src/cryptsetup.c:637
msgid ""
"\n"
"<action> is one of:\n"
msgstr ""
"\n"
"<hành_vi> là một của những điều dưới đây:\n"
#: src/cryptsetup.c:643
#, c-format
msgid ""
"\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
"<key slot> is the LUKS key slot number to modify\n"
"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
"\n"
"<tên> là thiết bị cần tạo dưới %s\n"
"<thiết_bị> là thiết bị đã mật mã\n"
"<khe_khoá> là số thứ tự khe khoá LUKS cần sửa đổi\n"
"<tập_tin_khoá> là tập tin khoá tuỳ chọn cho khoá mới trong hành động luksAddKey\n"
#: src/cryptsetup.c:650
#, c-format
msgid ""
"\n"
"Default compiled-in device cipher parameters:\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"
msgstr ""
"\n"
"Các tham số mặc định về mật mã thiết bị biên dịch vào:\n"
"\tbình thường: %s, Khoá: %d bit, Tạo chuỗi duy nhất mật khẩu: %s\n"
"\tLUKS1: %s, Khoá: %d bit, Tạo chuỗi duy nhất phần đầu LUKS: %s\n"
#: src/cryptsetup.c:697
msgid "Show this help message"
msgstr "Hiển thị trợ giúp này"
#: src/cryptsetup.c:698
msgid "Display brief usage"
msgstr " Hiển thị thông điệp ngắn về cách sử dụng"
#: src/cryptsetup.c:702
msgid "Help options:"
msgstr "Tùy chọn trợ giúp:"
#: src/cryptsetup.c:703
msgid "Shows more detailed error messages"
msgstr "Hiển thị các thông điệp lỗi chi tiết hơn"
#: src/cryptsetup.c:704
msgid "Show debug messages"
msgstr "Hiển thị thông điệp gỡ lỗi"
#: src/cryptsetup.c:705
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Mật mã dùng để bảo vệ đĩa (xem « /proc/crypto »)"
#: src/cryptsetup.c:706
msgid "The hash used to create the encryption key from the passphrase"
msgstr "Chuỗi duy nhất dùng để tạo khoá mật mã từ cụm từ mật khẩu"
#: src/cryptsetup.c:707
msgid "Verifies the passphrase by asking for it twice"
msgstr "Thẩm tra cụm từ mật khẩu bằng cách yêu cầu nó hai lần"
#: src/cryptsetup.c:708
msgid "Read the key from a file (can be /dev/random)"
msgstr "Đọc khoá từ một tập tin nào đó (có thể là « /dev/random »)"
#: src/cryptsetup.c:709
msgid "Read the volume (master) key from file."
msgstr "Đọc khoá khối tin (chủ) từ tập tin."
#: src/cryptsetup.c:710
msgid "The size of the encryption key"
msgstr "Kích cỡ của khoá mật mã"
#: src/cryptsetup.c:710
msgid "BITS"
msgstr "BIT"
#: src/cryptsetup.c:711
msgid "Slot number for new key (default is first free)"
msgstr "Số thứ tự khe cho khoá mới (mặc định là khe trống thứ nhất)"
#: src/cryptsetup.c:712
msgid "The size of the device"
msgstr "Kích cỡ của thiết bị"
#: src/cryptsetup.c:712 src/cryptsetup.c:713 src/cryptsetup.c:714
#: src/cryptsetup.c:721
msgid "SECTORS"
msgstr "RÃNH GHI"
#: src/cryptsetup.c:713
msgid "The start offset in the backend device"
msgstr "Khoảng bù đầu tiên trong thiết bị hậu phương"
#: src/cryptsetup.c:714
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Bao nhiêu rãnh ghi dữ liệu mật mã cần bỏ qua ở đầu"
#: src/cryptsetup.c:715
msgid "Create a readonly mapping"
msgstr "Tạo một sự ánh xạ chỉ cho phép đọc"
#: src/cryptsetup.c:716
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "Thời gian lặp lại PBKDF2 cho LUKS (theo mili-giây)"
#: src/cryptsetup.c:716
msgid "msecs"
msgstr "mili-giây"
#: src/cryptsetup.c:717
msgid "Do not ask for confirmation"
msgstr "Đừng yêu cầu xác nhận"
#: src/cryptsetup.c:718
msgid "Print package version"
msgstr "In ra phiên bản gói"
#: src/cryptsetup.c:719
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Thời hạn khi nhắc gõ cụm từ mật khẩu (theo giây)"
#: src/cryptsetup.c:719
msgid "secs"
msgstr "giây"
#: src/cryptsetup.c:720
msgid "How often the input of the passphrase can be retried"
msgstr "Số các lần có thể thử lại gõ cụm từ mật khẩu"
#: src/cryptsetup.c:721
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Sắp hàng trọng tải ở <n> biên giới rãnh ghi — cho định dạng luksFormat"
#: src/cryptsetup.c:722
msgid "(Obsoleted, see man page.)"
msgstr "(Bị phản đối, xem trang hướng dẫn.)"
#: src/cryptsetup.c:723
msgid "File with LUKS header and keyslots backup."
msgstr "Tập tin chứa bản sao lưu phần đầu và các khe khoá của thiết bị LUKS."
#: src/cryptsetup.c:741
msgid "[OPTION...] <action> <action-specific>]"
msgstr "[TÙY_CHỌN...] <hành_vi> <đặc_trưng_cho_hành_vi>]"
#: src/cryptsetup.c:777
msgid "Key size must be a multiple of 8 bits"
msgstr "Kích cỡ khoá phải là bội số cho 8 bit"
#: src/cryptsetup.c:781
msgid "Argument <action> missing."
msgstr "Đối số <hành_vi> còn thiếu."
#: src/cryptsetup.c:787
msgid "Unknown action."
msgstr "Hành động không rõ."
#: src/cryptsetup.c:802
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: cần thiết %s làm đối số"

204
setup-gettext Executable file
View File

@@ -0,0 +1,204 @@
#!/bin/sh
#
# setup-gettext - Provides compatibility with versions of gettext
# from the 0.10.x series and 0.11.x.
#
# Copyright (C) 2002 Christian Hammond.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307 USA
#
VERSION=0.1.3
VERBOSE=1
parse_gettext_version() {
GETTEXT_VERSION=`$GETTEXT_TOOL --version | sed -n 's/^.*\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\).*$/\1.\2.\3/p'`
GETTEXT_MAJOR_VERSION=`echo $GETTEXT_VERSION | sed -n 's/^\([0-9]\+\).*/\1/p'`
GETTEXT_MINOR_VERSION=`echo $GETTEXT_VERSION | sed -n 's/^[0-9]\+\.\([0-9]\+\).*/\1/p'`
GETTEXT_MICRO_VERSION=`echo $GETTEXT_VERSION | sed -n 's/^[0-9]\+\.[0-9]\+\.\([0-9]\+\).*/\1/p'`
}
find_gettext() {
GETTEXT_TOOL=autopoint
(autopoint --version) < /dev/null > /dev/null 2>&1 || {
GETTEXT_TOOL=gettextize
(gettextize --version) < /dev/null > /dev/null 2>&1 || {
GETTEXT_TOOL=
}
}
}
install() {
[ -f configure.in ] && {
cp configure.in .tmp-configure.in
sed -e 's/^AM_GNU_GETTEXT\(.*\)$/AM_GNU_GETTEXT\1\
AM_GNU_GETTEXT_VERSION(0.10.40)/' < .tmp-configure.in > configure.in
rm .tmp-configure.in
}
[ -f configure.ac ] && {
cp configure.ac .tmp-configure.ac
sed -e 's/^AM_GNU_GETTEXT\(.*\)$/AM_GNU_GETTEXT\1\
AM_GNU_GETTEXT_VERSION(0.10.40)/' < .tmp-configure.ac > configure.ac
rm .tmp-configure.ac
}
[ -f autogen.sh ] && {
cp autogen.sh .tmp-autogen.sh
sed -e 's/\(gettextize\|autopoint\) --version/.\/setup-gettext --gettext-tool/1' -e 's/^\(echo.*|[\t ]*\)\?\(gettextize\|autopoint\) -.*$/.\/setup-gettext/1' < .tmp-autogen.sh > autogen.sh
rm .tmp-autogen.sh
}
echo 'AC_DEFUN([AM_GNU_GETTEXT_VERSION], [])' >> acinclude.m4
}
backup_m4() {
[ -d m4 ] && mv m4 m4~
}
restore_m4() {
[ -d m4~ ] && {
rm -rf m4
mv m4~ m4
}
}
restore_files() {
[ -f configure.in~ ] && mv -f configure.in~ configure.in
[ -f configure.ac~ ] && mv -f configure.ac~ configure.ac
[ -f Makefile.am~ ] && mv -f Makefile.am~ Makefile.am
}
abort() {
restore_files
restore_m4
exit 1
}
# Main code
find_gettext
# See if a version of gettext and its tools are installed.
if [ x$GETTEXT_TOOL = x ]; then
echo
echo "You do not have a version of gettext installed."
echo "Please download one from your local package repository or"
echo "from ftp://ftp.gnu.org/pub/gnu/gettext/"
echo
exit 1
fi
parse_gettext_version
NUMVAR=$#
if [ $NUMVAR -gt 0 ]; then
if [ $NUMVAR -gt 1 ]; then
echo "Only one option at a time!"
exit 1
elif [ $1 = "--gettext-tool" ]; then
echo $GETTEXT_TOOL
exit 0
elif [ $1 = "--help" ]; then
echo "setup-gettext v$VERSION"
echo "Usage:"
echo " --gettext-tool Returns gettextize or autopoint, depending"
echo " on the version of gettext installed."
echo " --gettext-version Returns the version of gettext installed."
echo " --gettext-major-version Returns the major version of gettext installed."
echo " --gettext-minor-version Returns the minor version of gettext installed."
echo " --gettext-micro-version Returns the micro version of gettext installed."
echo " --help Displays this help screen."
echo
exit 0
elif [ $1 = "--version" ]; then
echo $VERSION
exit 0
elif [ $1 = "--gettext-version" ]; then
echo $GETTEXT_VERSION
exit 0
elif [ $1 = "--gettext-major-version" ]; then
echo $GETTEXT_MAJOR_VERSION
exit 0
elif [ $1 = "--gettext-minor-version" ]; then
echo $GETTEXT_MINOR_VERSION
exit 0
elif [ $1 = "--gettext-micro-version" ]; then
echo $GETTEXT_MICRO_VERSION
exit 0
elif [ $1 = "--install" ]; then
install
echo "setup-gettext installed."
exit 0
elif [ $1 = "--happy-url" ]; then
echo http://gaim.sf.net/forkgettext.jpg
exit 0
elif [ $1 = "--verbose" ]; then
VERBOSE=1
else
echo "Invalid option '$1'"
exit 1
fi
fi
# Okay, run the main stuff
if [ "$GETTEXT_TOOL" = "autopoint" ]; then
backup_m4
[ $VERBOSE -eq 1 ] && echo " autopoint --force"
echo n | autopoint --force || abort
restore_m4
[ -f po/Makevars.template ] && mv po/Makevars.template po/Makevars
else
if [ $GETTEXT_MINOR_VERSION -eq 11 ]; then
backup_m4
# Gettext is pure evil. It DEMANDS that we press Return no matter
# what. This gets rid of their happy "feature" of doom.
[ $VERBOSE -eq 1 ] && \
echo " gettextize --copy --force --intl --no-changelog"
sed 's:read .*< /dev/tty::' `which gettextize` > .temp-gettextize
chmod +x .temp-gettextize
echo n | ./.temp-gettextize --copy --force --intl --no-changelog || abort
rm .temp-gettextize
restore_files
restore_m4
[ -f po/Makevars.template ] && mv po/Makevars.template po/Makevars
else
[ $VERBOSE -eq 1 ] && echo " gettextize --copy --force"
echo n | gettextize --copy --force || exit;
fi
fi

13
src/Makefile.am
View File

@@ -13,19 +13,16 @@ cryptsetup_SOURCES = \
cryptsetup.c \
cryptsetup.h
cryptsetup_LDADD = \
@POPT_LIBS@ \
$(top_builddir)/lib/libcryptsetup.la
if STATIC_CRYPTSETUP
_STATIC_FLAGS = -all-static
_STATIC_LDADD = @LIBGCRYPT_LIBS@ -lgpg-error @SELINUX_STATIC_LIBS@
endif
cryptsetup_LDADD = \
$(top_builddir)/lib/libcryptsetup.la \
$(_STATIC_LDADD) \
@POPT_LIBS@
cryptsetup_LDFLAGS = \
$(_STATIC_FLAGS)
$(_STATIC_FLAGS)
cryptsetup_CFLAGS = -Wall

565
src/cryptsetup.c
View File

@@ -2,11 +2,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdarg.h>
#include <inttypes.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <assert.h>
#include <libcryptsetup.h>
@@ -16,16 +14,13 @@
#include "cryptsetup.h"
static int opt_verbose = 0;
static int opt_debug = 0;
static int opt_verbose = 1;
static char *opt_cipher = NULL;
static char *opt_hash = NULL;
static char *opt_hash = DEFAULT_HASH;
static int opt_verify_passphrase = 0;
static char *opt_key_file = NULL;
static char *opt_master_key_file = NULL;
static char *opt_header_backup_file = NULL;
static unsigned int opt_key_size = 0;
static int opt_key_slot = CRYPT_ANY_SLOT;
static int opt_key_slot = -1;
static uint64_t opt_size = 0;
static uint64_t opt_offset = 0;
static uint64_t opt_skip = 0;
@@ -54,91 +49,54 @@ static int action_luksRemoveKey(int arg);
static int action_isLuks(int arg);
static int action_luksUUID(int arg);
static int action_luksDump(int arg);
static int action_luksSuspend(int arg);
static int action_luksResume(int arg);
static int action_luksBackup(int arg);
static int action_luksRestore(int arg);
static struct action_type {
const char *type;
int (*handler)(int);
int (*handler)(int);
int arg;
int required_action_argc;
int required_memlock;
const char *arg_desc;
const char *desc;
} action_types[] = {
{ "create", action_create, 0, 2, 1, N_("<name> <device>"),N_("create device") },
{ "remove", action_remove, 0, 1, 1, N_("<name>"), N_("remove device") },
{ "resize", action_resize, 0, 1, 1, N_("<name>"), N_("resize active device") },
{ "status", action_status, 0, 1, 0, N_("<name>"), N_("show device status") },
{ "luksFormat", action_luksFormat, 0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
{ "luksOpen", action_luksOpen, 0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
{ "luksAddKey", action_luksAddKey, 0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
{ "luksRemoveKey",action_luksRemoveKey, 0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
{ "luksKillSlot", action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
{ "luksUUID", action_luksUUID, 0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
{ "isLuks", action_isLuks, 0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
{ "luksClose", action_remove, 0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
{ "luksDump", action_luksDump, 0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
{ "luksSuspend",action_luksSuspend, 0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
{ "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
{ "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
{ "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
{ "luksDelKey", action_luksDelKey, 0, 2, 1, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
{ "reload", action_create, 1, 2, 1, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
{ NULL, NULL, 0, 0, 0, NULL, NULL }
{ "create", action_create, 0, 2, N_("<name> <device>"), N_("create device") },
{ "remove", action_remove, 0, 1, N_("<name>"), N_("remove device") },
{ "resize", action_resize, 0, 1, N_("<name>"), N_("resize active device") },
{ "status", action_status, 0, 1, N_("<name>"), N_("show device status") },
{ "luksFormat", action_luksFormat, 0, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
{ "luksOpen", action_luksOpen, 0, 2, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
{ "luksAddKey", action_luksAddKey, 0, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
{ "luksRemoveKey", action_luksRemoveKey, 0, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
{ "luksKillSlot", action_luksKillSlot, 0, 2, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
{ "luksUUID", action_luksUUID, 0, 1, N_("<device>"), N_("print UUID of LUKS device") },
{ "isLuks", action_isLuks, 0, 1, N_("<device>"), N_("tests <device> for LUKS partition header") },
{ "luksClose", action_remove, 0, 1, N_("<name>"), N_("remove LUKS mapping") },
{ "luksDump", action_luksDump, 0, 1, N_("<device>"), N_("dump LUKS partition information") },
{ "luksDelKey", action_luksDelKey, 0, 2, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
{ "reload", action_create, 1, 2, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
{ NULL, NULL, 0, 0, NULL }
};
static void clogger(struct crypt_device *cd, int level, const char *file,
int line, const char *format, ...)
{
va_list argp;
char *target = NULL;
va_start(argp, format);
if (vasprintf(&target, format, argp) > 0) {
if (level >= 0) {
crypt_log(cd, level, target);
#ifdef CRYPT_DEBUG
} else if (opt_debug)
printf("# %s:%d %s\n", file ?: "?", line, target);
#else
} else if (opt_debug)
printf("# %s\n", target);
#endif
}
va_end(argp);
free(target);
}
/* Interface Callbacks */
static int yesDialog(char *msg)
{
char *answer = NULL;
size_t size = 0;
int r = 1;
int r = 0;
if(isatty(0) && !opt_batch_mode) {
log_std("\nWARNING!\n========\n");
log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
if(getline(&answer, &size, stdin) == -1) {
perror("getline");
free(answer);
char *answer=NULL;
size_t size=0;
fprintf(stderr,"\nWARNING!\n========\n");
fprintf(stderr,"%s\n\nAre you sure? (Type uppercase yes): ",msg);
if(getline(&answer,&size,stdin) == -1)
return 0;
}
if(strcmp(answer, "YES\n"))
r = 0;
if(strcmp(answer,"YES\n") == 0)
r = 1;
free(answer);
}
} else
r = 1;
return r;
}
static void cmdLineLog(int level, char *msg) {
switch(level) {
static void cmdLineLog(int class, char *msg) {
switch(class) {
case CRYPT_LOG_NORMAL:
fputs(msg, stdout);
@@ -157,45 +115,32 @@ static struct interface_callbacks cmd_icb = {
.log = cmdLineLog,
};
static void _log(int level, const char *msg, void *usrptr)
{
cmdLineLog(level, (char *)msg);
}
static int _yesDialog(const char *msg, void *usrptr)
{
return yesDialog((char*)msg);
}
/* End ICBs */
static void show_status(int errcode)
{
char error[256], *error_;
if(!opt_verbose)
return;
char error[256];
if(!errcode) {
log_std(_("Command successful.\n"));
return;
fprintf(stderr, _("Command successful.\n"));
return;
}
crypt_get_error(error, sizeof(error));
if (!error[0]) {
error_ = strerror_r(-errcode, error, sizeof(error));
if (!opt_verbose) {
char *error_ = strerror_r(errcode, error, sizeof(error));
if (error_ != error) {
strncpy(error, error_, sizeof(error));
error[sizeof(error) - 1] = '\0';
error[sizeof error - 1] = '\0';
}
}
log_err(_("Command failed with code %i"), -errcode);
fprintf(stderr, _("Command failed"));
if (*error)
log_err(": %s\n", error);
fprintf(stderr, ": %s\n", error);
else
log_err(".\n");
fputs(".\n", stderr);
return;
}
static int action_create(int reload)
@@ -203,11 +148,12 @@ static int action_create(int reload)
struct crypt_options options = {
.name = action_argv[0],
.device = action_argv[1],
.cipher = opt_cipher ? opt_cipher : DEFAULT_CIPHER(PLAIN),
.hash = opt_hash ?: DEFAULT_PLAIN_HASH,
.cipher = opt_cipher?opt_cipher:DEFAULT_CIPHER,
.hash = opt_hash,
.key_file = opt_key_file,
.key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8,
.key_size = ((opt_key_size)?opt_key_size:DEFAULT_KEY_SIZE)/8,
.key_slot = opt_key_slot,
.passphrase_fd = 0, /* stdin */
.flags = 0,
.size = opt_size,
.offset = opt_offset,
@@ -219,7 +165,7 @@ static int action_create(int reload)
int r;
if(reload)
log_err(_("The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\nWARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"));
fprintf(stderr, _("The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\nWARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"));
if (options.hash && strcmp(options.hash, "plain") == 0)
options.hash = NULL;
@@ -232,7 +178,8 @@ static int action_create(int reload)
r = crypt_update_device(&options);
else
r = crypt_create_device(&options);
if (r < 0)
show_status(-r);
return r;
}
@@ -242,8 +189,12 @@ static int action_remove(int arg)
.name = action_argv[0],
.icb = &cmd_icb,
};
int r;
return crypt_remove_device(&options);
r = crypt_remove_device(&options);
if (r < 0)
show_status(-r);
return r;
}
static int action_resize(int arg)
@@ -253,8 +204,12 @@ static int action_resize(int arg)
.size = opt_size,
.icb = &cmd_icb,
};
int r;
return crypt_resize_device(&options);
r = crypt_resize_device(&options);
if (r < 0)
show_status(-r);
return r;
}
static int action_status(int arg)
@@ -266,24 +221,25 @@ static int action_status(int arg)
int r;
r = crypt_query_device(&options);
if (r < 0)
return r;
if (r == 0) {
if (r < 0) {
/* error */
show_status(-r);
} else if (r == 0) {
/* inactive */
log_std("%s/%s is inactive.\n", crypt_get_dir(), options.name);
printf("%s/%s is inactive.\n", crypt_get_dir(), options.name);
r = 1;
} else {
/* active */
log_std("%s/%s is active:\n", crypt_get_dir(), options.name);
log_std(" cipher: %s\n", options.cipher);
log_std(" keysize: %d bits\n", options.key_size * 8);
log_std(" device: %s\n", options.device);
log_std(" offset: %" PRIu64 " sectors\n", options.offset);
log_std(" size: %" PRIu64 " sectors\n", options.size);
printf("%s/%s is active:\n", crypt_get_dir(), options.name);
printf(" cipher: %s\n", options.cipher);
printf(" keysize: %d bits\n", options.key_size * 8);
printf(" device: %s\n", options.device);
printf(" offset: %" PRIu64 " sectors\n", options.offset);
printf(" size: %" PRIu64 " sectors\n", options.size);
if (options.skip)
log_std(" skipped: %" PRIu64 " sectors\n", options.skip);
log_std(" mode: %s\n", (options.flags & CRYPT_FLAG_READONLY)
printf(" skipped: %" PRIu64 " sectors\n", options.skip);
printf(" mode: %s\n", (options.flags & CRYPT_FLAG_READONLY)
? "readonly" : "read/write");
crypt_put_options(&options);
r = 0;
@@ -291,14 +247,13 @@ static int action_status(int arg)
return r;
}
static int _action_luksFormat_generateMK()
static int action_luksFormat(int arg)
{
struct crypt_options options = {
.key_size = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8,
.key_size = (opt_key_size != 0 ? opt_key_size : DEFAULT_LUKS_KEY_SIZE) / 8,
.key_slot = opt_key_slot,
.device = action_argv[0],
.cipher = opt_cipher ?: DEFAULT_CIPHER(LUKS1),
.hash = opt_hash ?: DEFAULT_LUKS1_HASH,
.cipher = opt_cipher?opt_cipher:DEFAULT_LUKS_CIPHER,
.new_key_file = action_argc > 1 ? action_argv[1] : NULL,
.flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE : 0),
.iteration_time = opt_iteration_time,
@@ -307,100 +262,22 @@ static int _action_luksFormat_generateMK()
.icb = &cmd_icb,
};
return crypt_luksFormat(&options);
}
static int _read_mk(const char *file, char **key, int keysize)
{
int fd;
*key = malloc(keysize);
if (!*key)
return -ENOMEM;
fd = open(file, O_RDONLY);
if (fd == -1) {
log_err("Cannot read keyfile %s.\n", file);
return -EINVAL;
}
if ((read(fd, *key, keysize) != keysize)) {
log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
close(fd);
memset(*key, 0, keysize);
free(*key);
return -EINVAL;
}
close(fd);
return 0;
}
static int _action_luksFormat_useMK()
{
int r = -EINVAL, keysize;
char *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
struct crypt_device *cd = NULL;
struct crypt_params_luks1 params = {
.hash = opt_hash ?: DEFAULT_LUKS1_HASH,
.data_alignment = opt_align_payload,
};
if (sscanf(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
"%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s",
cipher, cipher_mode) != 2) {
log_err("No known cipher specification pattern detected.\n");
return -EINVAL;
}
keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
if (_read_mk(opt_master_key_file, &key, keysize) < 0)
return -EINVAL;
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
crypt_set_password_verify(cd, 1);
crypt_set_timeout(cd, opt_timeout);
if (opt_iteration_time)
crypt_set_iterarion_time(cd, opt_iteration_time);
if ((r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, keysize, &params)))
goto out;
r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, NULL, 0);
out:
crypt_free(cd);
if (key) {
memset(key, 0, keysize);
free(key);
}
return r;
}
static int action_luksFormat(int arg)
{
int r = 0; char *msg = NULL;
/* Avoid overwriting possibly wrong part of device than user requested by rejecting these options */
if (opt_offset || opt_skip) {
log_err("Options --offset and --skip are not supported for luksFormat.\n");
fprintf(stderr,"Options --offset and --skip are not supported for luksFormat.\n");
return -EINVAL;
}
if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
log_err(_("memory allocation error in action_luksFormat"));
return -ENOMEM;
if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), options.device) == -1) {
fputs(_("memory allocation error in action_luksFormat"), stderr);
} else {
r = yesDialog(msg) ? crypt_luksFormat(&options) : -EINVAL;
free(msg);
show_status(-r);
}
r = yesDialog(msg);
free(msg);
if (!r)
return -EINVAL;
if (opt_master_key_file)
return _action_luksFormat_useMK();
else
return _action_luksFormat_generateMK();
return r;
}
static int action_luksOpen(int arg)
@@ -409,24 +286,27 @@ static int action_luksOpen(int arg)
.name = action_argv[1],
.device = action_argv[0],
.key_file = opt_key_file,
.key_size = opt_key_file ? (opt_key_size / 8) : 0, /* limit bytes read from keyfile */
.timeout = opt_timeout,
.tries = opt_key_file ? 1 : opt_tries, /* verify is usefull only for tty */
.tries = opt_tries,
.icb = &cmd_icb,
};
int r;
opt_verbose = 1;
options.flags = 0;
if (opt_readonly)
options.flags |= CRYPT_FLAG_READONLY;
if (opt_non_exclusive)
log_err(_("Obsolete option --non-exclusive is ignored.\n"));
return crypt_luksOpen(&options);
options.flags |= CRYPT_FLAG_NON_EXCLUSIVE_ACCESS;
r = crypt_luksOpen(&options);
show_status(-r);
return r;
}
static int action_luksDelKey(int arg)
{
log_err("luksDelKey is a deprecated action name.\nPlease use luksKillSlot.\n");
return action_luksKillSlot(arg);
fprintf(stderr,"luksDelKey is a deprecated action name.\nPlease use luksKillSlot.\n");
return action_luksKillSlot(arg);
}
static int action_luksKillSlot(int arg)
@@ -439,8 +319,12 @@ static int action_luksKillSlot(int arg)
.flags = !opt_batch_mode?CRYPT_FLAG_VERIFY_ON_DELKEY : 0,
.icb = &cmd_icb,
};
int r;
return crypt_luksKillSlot(&options);
opt_verbose = 1;
r = crypt_luksKillSlot(&options);
show_status(-r);
return r;
}
static int action_luksRemoveKey(int arg)
@@ -453,38 +337,11 @@ static int action_luksRemoveKey(int arg)
.flags = !opt_batch_mode?CRYPT_FLAG_VERIFY_ON_DELKEY : 0,
.icb = &cmd_icb,
};
int r;
return crypt_luksRemoveKey(&options);
}
static int _action_luksAddKey_useMK()
{
int r = -EINVAL, keysize = 0;
char *key = NULL;
struct crypt_device *cd = NULL;
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
goto out;
keysize = crypt_get_volume_key_size(cd);
crypt_set_password_verify(cd, 1);
crypt_set_timeout(cd, opt_timeout);
if (opt_iteration_time)
crypt_set_iterarion_time(cd, opt_iteration_time);
if (_read_mk(opt_master_key_file, &key, keysize) < 0)
goto out;
r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, NULL, 0);
out:
crypt_free(cd);
if (key) {
memset(key, 0, keysize);
free(key);
}
opt_verbose = 1;
r = crypt_luksRemoveKey(&options);
show_status(-r);
return r;
}
@@ -500,11 +357,12 @@ static int action_luksAddKey(int arg)
.timeout = opt_timeout,
.icb = &cmd_icb,
};
int r;
if (opt_master_key_file)
return _action_luksAddKey_useMK();
else
return crypt_luksAddKey(&options);
opt_verbose = 1;
r = crypt_luksAddKey(&options);
show_status(-r);
return r;
}
static int action_isLuks(int arg)
@@ -513,7 +371,6 @@ static int action_isLuks(int arg)
.device = action_argv[0],
.icb = &cmd_icb,
};
return crypt_isLuks(&options);
}
@@ -523,8 +380,12 @@ static int action_luksUUID(int arg)
.device = action_argv[0],
.icb = &cmd_icb,
};
int r;
return crypt_luksUUID(&options);
r = crypt_luksUUID(&options);
if (r < 0)
show_status(-r);
return r;
}
static int action_luksDump(int arg)
@@ -533,85 +394,11 @@ static int action_luksDump(int arg)
.device = action_argv[0],
.icb = &cmd_icb,
};
int r;
return crypt_luksDump(&options);
}
static int action_luksSuspend(int arg)
{
struct crypt_device *cd = NULL;
int r;
r = crypt_init_by_name(&cd, action_argv[0]);
if (!r)
r = crypt_suspend(cd, action_argv[0]);
crypt_free(cd);
return r;
}
static int action_luksResume(int arg)
{
struct crypt_device *cd = NULL;
int r;
if ((r = crypt_init_by_name(&cd, action_argv[0])))
goto out;
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
goto out;
if (opt_key_file)
r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
opt_key_file, opt_key_size / 8);
else
r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
NULL, 0);
out:
crypt_free(cd);
return r;
}
static int action_luksBackup(int arg)
{
struct crypt_device *cd = NULL;
int r;
if (!opt_header_backup_file) {
log_err(_("Option --header-backup-file is required.\n"));
return -EINVAL;
}
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
crypt_set_log_callback(cd, _log, NULL);
crypt_set_confirm_callback(cd, _yesDialog, NULL);
r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
out:
crypt_free(cd);
return r;
}
static int action_luksRestore(int arg)
{
struct crypt_device *cd = NULL;
int r = 0;
if (!opt_header_backup_file) {
log_err(_("Option --header-backup-file is required.\n"));
return -EINVAL;
}
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
crypt_set_log_callback(cd, _log, NULL);
crypt_set_confirm_callback(cd, _yesDialog, NULL);
r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
out:
crypt_free(cd);
r = crypt_luksDump(&options);
if (r < 0)
show_status(-r);
return r;
}
@@ -620,7 +407,7 @@ static void usage(poptContext popt_context, int exitcode,
{
poptPrintUsage(popt_context, stderr, 0);
if (error)
log_err("%s: %s\n", more, error);
fprintf(stderr, "%s: %s\n", more, error);
exit(exitcode);
}
@@ -630,64 +417,26 @@ static void help(poptContext popt_context, enum poptCallbackReason reason,
if (key->shortName == '?') {
struct action_type *action;
log_std("%s\n",PACKAGE_STRING);
fprintf(stdout, "%s\n",PACKAGE_STRING);
poptPrintHelp(popt_context, stdout, 0);
log_std(_("\n"
printf(_("\n"
"<action> is one of:\n"));
for(action = action_types; action->type; action++)
log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
printf("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
log_std(_("\n"
printf(_("\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
"<key slot> is the LUKS key slot number to modify\n"
"<key file> optional key file for the new key for luksAddKey action\n"),
crypt_get_dir());
log_std(_("\nDefault compiled-in device cipher parameters:\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"),
DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH);
exit(0);
} else
usage(popt_context, 0, NULL, NULL);
}
void set_debug_level(int level);
static void _dbg_version_and_cmd(int argc, char **argv)
{
int i;
log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
for (i = 0; i < argc; i++) {
if (i)
log_std(" ");
log_std(argv[i]);
}
log_std("\"\n");
}
static int run_action(struct action_type *action)
{
int r;
if (action->required_memlock)
crypt_memory_lock(NULL, 1);
r = action->handler(action->arg);
if (action->required_memlock)
crypt_memory_lock(NULL, 0);
show_status(r);
return r;
}
}
int main(int argc, char **argv)
{
@@ -699,28 +448,26 @@ int main(int argc, char **argv)
POPT_TABLEEND
};
static struct poptOption popt_options[] = {
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
{ "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
{ "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
{ "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
{ "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
{ "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
{ "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file (can be /dev/random)"), NULL },
{ "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
{ "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
{ "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
{ "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
{ "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") },
{ "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
{ "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
{ "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
{ "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
{ "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
{ "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
{ "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
{ "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
{ "non-exclusive", '\0', POPT_ARG_NONE, &opt_non_exclusive, 0, N_("(Obsoleted, see man page.)"), NULL },
{ "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
{ "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
{ "cipher", 'c', POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
{ "hash", 'h', POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
{ "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
{ "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file (can be /dev/random)"), NULL },
{ "key-size", 's', POPT_ARG_INT | POPT_ARGFLAG_SHOW_DEFAULT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
{ "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
{ "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
{ "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") },
{ "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
{ "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
{ "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"),
N_("msecs") },
{ "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
{ "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
{ "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
{ "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
{ "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
{ "non-exclusive", '\0', POPT_ARG_NONE, &opt_non_exclusive, 0, N_("Allows non-exclusive access for luksOpen, WARNING see manpage."), NULL },
POPT_TABLEEND
};
poptContext popt_context;
@@ -729,8 +476,6 @@ int main(int argc, char **argv)
int r;
const char *null_action_argv[] = {NULL};
crypt_set_log_callback(NULL, _log, NULL);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
@@ -768,15 +513,15 @@ int main(int argc, char **argv)
usage(popt_context, 1, poptStrerror(r),
poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
if (opt_version_mode) {
log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
printf("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
exit(0);
}
if (opt_key_size % 8)
usage(popt_context, 1,
_("Key size must be a multiple of 8 bits"),
poptGetInvocationName(popt_context));
if (!(aname = (char *)poptGetArg(popt_context)))
usage(popt_context, 1, _("Argument <action> missing."),
poptGetInvocationName(popt_context));
@@ -792,7 +537,7 @@ int main(int argc, char **argv)
/* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
if(!action_argv)
action_argv = null_action_argv;
/* Count args, somewhat unnice, change? */
while(action_argv[action_argc] != NULL)
action_argc++;
@@ -802,13 +547,11 @@ int main(int argc, char **argv)
snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
usage(popt_context, 1, buf,
poptGetInvocationName(popt_context));
}
if (opt_debug) {
opt_verbose = 1;
crypt_set_debug_level(-1);
_dbg_version_and_cmd(argc, argv);
}
return run_action(action);
}
return action->handler(action->arg);
}
// Local Variables:
// c-basic-offset: 8
// indent-tabs-mode: nil
// End:

31
src/cryptsetup.h
View File

@@ -5,14 +5,31 @@
# include <config.h>
#endif
#include "lib/nls.h"
#if HAVE_LOCALE_H
# include <locale.h>
#endif
#if !HAVE_SETLOCALE
# define setlocale(Category, Locale) do { } while (0)
#endif
#define MAX_CIPHER_LEN 32
#define MAX_CIPHER_LEN_STR "32"
#define DEFAULT_CIPHER(type) (DEFAULT_##type##_CIPHER "-" DEFAULT_##type##_MODE)
#ifdef ENABLE_NLS
# include <libintl.h>
# define _(Text) gettext (Text)
#else
# undef bindtextdomain
# define bindtextdomain(Domain, Directory) do { } while (0)
# undef textdomain
# define textdomain(Domain) do { } while (0)
# undef dcgettext
# define dcgettext(Domainname, Text, Category) Text
# define _(Text) Text
#endif
#define N_(Text) (Text)
#define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
#define log_std(x...) clogger(NULL, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
#define log_err(x...) clogger(NULL, CRYPT_LOG_ERROR, __FILE__, __LINE__, x)
#define DEFAULT_CIPHER "aes"
#define DEFAULT_LUKS_CIPHER "aes-cbc-essiv:sha256"
#define DEFAULT_HASH "ripemd160"
#define DEFAULT_KEY_SIZE 256
#define DEFAULT_LUKS_KEY_SIZE 128
#endif /* CRYPTSETUP_H */

13
tests/Makefile.am
View File

@@ -1,13 +0,0 @@
TESTS = api-test compat-test align-test
EXTRA_DIST = fileDiffer.py compatimage.img.bz2 align-test compat-test
api_test_SOURCES = api-test.c
api_test_LDADD = ../lib/libcryptsetup.la
api_test_LDFLAGS = -static
api_test_CFLAGS = -g -Wall -O0 -I$(top_srcdir)/lib/
check_PROGRAMS = api-test
compatimage.img:
@bzip2 -k -d compatimage.img.bz2

102
tests/align-test
View File

@@ -1,102 +0,0 @@
#!/bin/bash
CRYPTSETUP="../src/cryptsetup"
DEV=""
cleanup() {
udevadm settle 2>/dev/null 2>&1
rmmod scsi_debug 2>/dev/null
sleep 2
}
fail()
{
[ -n "$1" ] && echo "$1"
cleanup
exit 100
}
add_device() {
modprobe scsi_debug $@
if [ $? -ne 0 ] ; then
echo "This kernel seems to not support proper scsi_debug module, test skipped."
exit 0
fi
sleep 2
DEV=$(grep scsi_debug /sys/block/*/device/model | cut -f4 -d /)
if [ ! -e /sys/block/$DEV/alignment_offset ] ; then
echo "This kernel seems to not support topology info, test skipped."
cleanup
exit 0
fi
DEV="/dev/$DEV"
[ -b $DEV ] || fail "Cannot find $DEV."
}
format() # key_bits expected [forced]
{
if [ -z "$3" ] ; then
echo -n "Formatting using topology info ($1 bits key)...."
echo xxx| $CRYPTSETUP luksFormat $DEV -q -s $1
else
echo -n "Formatting using forced offset $3 ($1 bits key)..."
echo xxx| $CRYPTSETUP luksFormat $DEV -q -s $1 --align-payload=$2
fi
ALIGN=$($CRYPTSETUP luksDump $DEV |grep "Payload offset" | sed -e s/.*\\t//)
#echo "ALIGN = $ALIGN"
if [ $ALIGN -ne $2 ] ; then
echo "FAIL"
echo "Expected alignment differs: expected $2 != detected $ALIGN"
fail
fi
echo "PASSED"
}
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run this test, test skipped."
exit 0
fi
modprobe --dry-run scsi_debug || exit 0
cleanup
echo "# Create desktop-class 4K drive"
echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0)"
add_device dev_size_mb=16 sector_size=512 physblk_exp=3 num_tgts=1
format 256 2112
format 128 1088
format 256 8192 8192
format 128 8192 8192
cleanup
echo "# Create desktop-class 4K drive w/ 63-sector DOS partition compensation"
echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=3584)"
add_device dev_size_mb=16 sector_size=512 physblk_exp=3 lowest_aligned=7 num_tgts=1
format 256 2119
format 128 1095
cleanup
echo "# Create enterprise-class 4K drive"
echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)"
add_device dev_size_mb=16 sector_size=4096 num_tgts=1
format 256 2560
format 128 1536
cleanup
echo "# Create classic 512b drive and stack dm-linear"
echo "# (logical_block_size=512, physical_block_size=512, alignment_offset=0)"
add_device dev_size_mb=16 sector_size=512 num_tgts=1
DEV2=$DEV
DEV=/dev/mapper/luks0xbabe
dmsetup create luks0xbabe --table "0 32768 linear $DEV2 0"
format 256 2112
format 128 1088
format 128 8192 8192
dmsetup remove luks0xbabe
cleanup

783
tests/api-test.c
View File

@@ -1,783 +0,0 @@
/*
* cryptsetup library API check functions
*
* Copyright (C) 2009 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <errno.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include "libcryptsetup.h"
#define DMDIR "/dev/mapper/"
#define DEVICE_1 "/dev/loop5"
#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
#define DEVICE_2 "/dev/loop6"
#define DEVICE_EMPTY_name "crypt_zero"
#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
#define DEVICE_ERROR_name "crypt_error"
#define DEVICE_ERROR DMDIR DEVICE_ERROR_name
#define CDEVICE_1 "ctest1"
#define CDEVICE_2 "ctest2"
#define CDEVICE_WRONG "O_o"
#define IMAGE1 "compatimage.img"
#define IMAGE_EMPTY "empty.img"
#define KEYFILE1 "key1.file"
#define KEY1 "compatkey"
#define KEYFILE2 "key2.file"
#define KEY2 "0123456789abcdef"
static int _debug = 0;
static int _verbose = 1;
static char global_log[4096];
static int global_lines = 0;
static int gcrypt_compatible = 0;
// Helpers
static int _prepare_keyfile(const char *name, const char *passphrase)
{
int fd, r;
fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR);
if (fd != -1) {
r = write(fd, passphrase, strlen(passphrase));
close(fd);
} else
r = 0;
return r == strlen(passphrase) ? 0 : 1;
}
static void _remove_keyfiles(void)
{
remove(KEYFILE1);
remove(KEYFILE2);
}
// Decode key from its hex representation
static int crypt_decode_key(char *key, char *hex, unsigned int size)
{
char buffer[3];
char *endp;
unsigned int i;
buffer[2] = '\0';
for (i = 0; i < size; i++) {
buffer[0] = *hex++;
buffer[1] = *hex++;
key[i] = (unsigned char)strtoul(buffer, &endp, 16);
if (endp != &buffer[2])
return -1;
}
if (*hex != '\0')
return -1;
return 0;
}
static int yesDialog(char *msg)
{
return 1;
}
static void cmdLineLog(int level, char *msg)
{
strncat(global_log, msg, sizeof(global_log) - strlen(global_log));
global_lines++;
}
static void new_log(int level, const char *msg, void *usrptr)
{
cmdLineLog(level, (char*)msg);
}
static void reset_log()
{
memset(global_log, 0, sizeof(global_log));
global_lines = 0;
}
static struct interface_callbacks cmd_icb = {
.yesDialog = yesDialog,
.log = cmdLineLog,
};
static void _cleanup(void)
{
int r;
struct stat st;
//r = system("udevadm settle");
if (!stat(DMDIR CDEVICE_1, &st))
r = system("dmsetup remove " CDEVICE_1);
if (!stat(DMDIR CDEVICE_2, &st))
r = system("dmsetup remove " CDEVICE_2);
if (!stat(DEVICE_EMPTY, &st))
r = system("dmsetup remove " DEVICE_EMPTY_name);
if (!stat(DEVICE_ERROR, &st))
r = system("dmsetup remove " DEVICE_ERROR_name);
if (!strncmp("/dev/loop", DEVICE_1, 9))
r = system("losetup -d " DEVICE_1);
if (!strncmp("/dev/loop", DEVICE_2, 9))
r = system("losetup -d " DEVICE_2);
r = system("rm -f " IMAGE_EMPTY);
_remove_keyfiles();
}
static void _setup(void)
{
int r;
r = system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"");
r = system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"");
if (!strncmp("/dev/loop", DEVICE_1, 9)) {
r = system(" [ ! -e " IMAGE1 " ] && bzip2 -dk " IMAGE1 ".bz2");
r = system("losetup " DEVICE_1 " " IMAGE1);
}
if (!strncmp("/dev/loop", DEVICE_2, 9)) {
r = system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4");
r = system("losetup " DEVICE_2 " " IMAGE_EMPTY);
}
}
void check_ok(int status, int line, const char *func)
{
char buf[256];
if (status) {
crypt_get_error(buf, sizeof(buf));
printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);
_cleanup();
exit(-1);
}
}
void check_ko(int status, int line, const char *func)
{
char buf[256];
memset(buf, 0, sizeof(buf));
crypt_get_error(buf, sizeof(buf));
if (status >= 0) {
printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);
_cleanup();
exit(-1);
} else if (_verbose)
printf(" => errno %d, errmsg: %s\n", status, buf);
}
void check_equal(int line, const char *func)
{
printf("FAIL line %d [%s]: expected equal values differs.\n", line, func);
_cleanup();
exit(-1);
}
void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt)
{
if (_verbose) {
if (txt)
printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt);
else
printf(" [%s,%s:%d] %s\n", msg, func, line, tst);
}
}
#define OK_(x) do { xlog("(success)", #x, __FUNCTION__, __LINE__, NULL); \
check_ok((x), __LINE__, __FUNCTION__); \
} while(0)
#define FAIL_(x, y) do { xlog("(fail) ", #x, __FUNCTION__, __LINE__, y); \
check_ko((x), __LINE__, __FUNCTION__); \
} while(0)
#define EQ_(x, y) do { xlog("(equal) ", #x " == " #y, __FUNCTION__, __LINE__, NULL); \
if ((x) != (y)) check_equal(__LINE__, __FUNCTION__); \
} while(0)
#define RUN_(x, y) do { printf("%s: %s\n", #x, (y)); x(); } while (0)
// OLD API TESTS
static void LuksUUID(void)
{
struct crypt_options co = { .icb = &cmd_icb };
co.device = DEVICE_EMPTY;
EQ_(crypt_luksUUID(&co), -EINVAL);
co.device = DEVICE_ERROR;
EQ_(crypt_luksUUID(&co), -EINVAL);
reset_log();
co.device = DEVICE_1;
OK_(crypt_luksUUID(&co));
EQ_(strlen(global_log), 37); /* UUID + "\n" */
EQ_(strncmp(global_log, DEVICE_1_UUID, strlen(DEVICE_1_UUID)), 0);
}
static void IsLuks(void)
{
struct crypt_options co = { .icb = &cmd_icb };
co.device = DEVICE_EMPTY;
EQ_(crypt_isLuks(&co), -EINVAL);
co.device = DEVICE_ERROR;
EQ_(crypt_isLuks(&co), -EINVAL);
co.device = DEVICE_1;
OK_(crypt_isLuks(&co));
}
static void LuksOpen(void)
{
struct crypt_options co = {
.name = CDEVICE_1,
//.passphrase = "blabla",
.icb = &cmd_icb,
};
OK_(_prepare_keyfile(KEYFILE1, KEY1));
co.key_file = KEYFILE1;
co.device = DEVICE_EMPTY;
EQ_(crypt_luksOpen(&co), -EINVAL);
co.device = DEVICE_ERROR;
EQ_(crypt_luksOpen(&co), -EINVAL);
co.device = DEVICE_1;
OK_(crypt_luksOpen(&co));
FAIL_(crypt_luksOpen(&co), "already open");
_remove_keyfiles();
}
static void query_device(void)
{
struct crypt_options co = {. icb = &cmd_icb };
co.name = CDEVICE_WRONG;
EQ_(crypt_query_device(&co), 0);
co.name = CDEVICE_1;
EQ_(crypt_query_device(&co), 1);
OK_(strncmp(crypt_get_dir(), DMDIR, 11));
OK_(strcmp(co.cipher, "aes-cbc-essiv:sha256"));
EQ_(co.key_size, 16);
EQ_(co.offset, 1032);
EQ_(co.flags & CRYPT_FLAG_READONLY, 0);
EQ_(co.skip, 0);
crypt_put_options(&co);
}
static void remove_device(void)
{
int fd;
struct crypt_options co = {. icb = &cmd_icb };
co.name = CDEVICE_WRONG;
EQ_(crypt_remove_device(&co), -ENODEV);
fd = open(DMDIR CDEVICE_1, O_RDONLY);
co.name = CDEVICE_1;
FAIL_(crypt_remove_device(&co), "device busy");
close(fd);
OK_(crypt_remove_device(&co));
}
static void LuksFormat(void)
{
struct crypt_options co = {
.device = DEVICE_2,
.key_size = 256 / 8,
.key_slot = -1,
.cipher = "aes-cbc-essiv:sha256",
.hash = "sha1",
.flags = 0,
.iteration_time = 10,
.align_payload = 0,
.icb = &cmd_icb,
};
OK_(_prepare_keyfile(KEYFILE1, KEY1));
co.new_key_file = KEYFILE1;
co.device = DEVICE_ERROR;
FAIL_(crypt_luksFormat(&co), "error device");
co.device = DEVICE_2;
OK_(crypt_luksFormat(&co));
co.new_key_file = NULL;
co.key_file = KEYFILE1;
co.name = CDEVICE_2;
OK_(crypt_luksOpen(&co));
OK_(crypt_remove_device(&co));
_remove_keyfiles();
}
static void LuksKeyGame(void)
{
int i;
struct crypt_options co = {
.device = DEVICE_2,
.key_size = 256 / 8,
.key_slot = -1,
.cipher = "aes-cbc-essiv:sha256",
.hash = "sha1",
.flags = 0,
.iteration_time = 10,
.align_payload = 0,
.icb = &cmd_icb,
};
OK_(_prepare_keyfile(KEYFILE1, KEY1));
OK_(_prepare_keyfile(KEYFILE2, KEY2));
co.new_key_file = KEYFILE1;
co.device = DEVICE_2;
co.key_slot = 8;
FAIL_(crypt_luksFormat(&co), "wrong slot #");
co.key_slot = 7; // last slot
OK_(crypt_luksFormat(&co));
co.new_key_file = KEYFILE1;
co.key_file = KEYFILE1;
co.key_slot = 8;
FAIL_(crypt_luksAddKey(&co), "wrong slot #");
co.key_slot = 7;
FAIL_(crypt_luksAddKey(&co), "slot already used");
co.key_slot = 6;
OK_(crypt_luksAddKey(&co));
co.key_file = KEYFILE2 "blah";
co.key_slot = 5;
FAIL_(crypt_luksAddKey(&co), "keyfile not found");
co.new_key_file = KEYFILE2; // key to add
co.key_file = KEYFILE1;
co.key_slot = -1;
for (i = 0; i < 6; i++)
OK_(crypt_luksAddKey(&co)); //FIXME: EQ_(i)?
FAIL_(crypt_luksAddKey(&co), "all slots full");
// REMOVE KEY
co.new_key_file = KEYFILE1; // key to remove
co.key_file = NULL;
co.key_slot = 8; // should be ignored
// only 2 slots should use KEYFILE1
OK_(crypt_luksRemoveKey(&co));
OK_(crypt_luksRemoveKey(&co));
FAIL_(crypt_luksRemoveKey(&co), "no slot with this passphrase");
co.new_key_file = KEYFILE2 "blah";
co.key_file = NULL;
FAIL_(crypt_luksRemoveKey(&co), "keyfile not found");
// KILL SLOT
co.new_key_file = NULL;
co.key_file = NULL;
co.key_slot = 8;
FAIL_(crypt_luksKillSlot(&co), "wrong slot #");
co.key_slot = 7;
FAIL_(crypt_luksKillSlot(&co), "slot already wiped");
co.key_slot = 5;
OK_(crypt_luksKillSlot(&co));
_remove_keyfiles();
}
size_t _get_device_size(const char *device)
{
unsigned long size = 0;
int fd;
fd = open(device, O_RDONLY);
if (fd == -1)
return 0;
(void)ioctl(fd, BLKGETSIZE, &size);
close(fd);
return size;
}
void DeviceResizeGame(void)
{
size_t orig_size;
struct crypt_options co = {
.name = CDEVICE_2,
.device = DEVICE_2,
.key_size = 128 / 8,
.cipher = "aes-cbc-plain",
.hash = "sha1",
.offset = 333,
.skip = 0,
.icb = &cmd_icb,
};
orig_size = _get_device_size(DEVICE_2);
OK_(_prepare_keyfile(KEYFILE2, KEY2));
co.key_file = KEYFILE2;
co.size = 1000;
OK_(crypt_create_device(&co));
EQ_(_get_device_size(DMDIR CDEVICE_2), 1000);
co.size = 2000;
OK_(crypt_resize_device(&co));
EQ_(_get_device_size(DMDIR CDEVICE_2), 2000);
co.size = 0;
OK_(crypt_resize_device(&co));
EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 333));
co.size = 0;
co.offset = 444;
co.skip = 555;
co.cipher = "aes-cbc-essiv:sha256";
OK_(crypt_update_device(&co));
EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 444));
memset(&co, 0, sizeof(co));
co.icb = &cmd_icb,
co.name = CDEVICE_2;
EQ_(crypt_query_device(&co), 1);
EQ_(strcmp(co.cipher, "aes-cbc-essiv:sha256"), 0);
EQ_(co.key_size, 128 / 8);
EQ_(co.offset, 444);
EQ_(co.skip, 555);
OK_(crypt_remove_device(&co));
crypt_put_options(&co);
_remove_keyfiles();
}
// NEW API tests
static void AddDevicePlain(void)
{
struct crypt_device *cd;
struct crypt_params_plain params = {
.hash = "sha1",
.skip = 0,
.offset = 0,
};
int fd;
char key[128], key2[128], path[128];
char *passphrase = "blabla";
char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
size_t key_size = strlen(mk_hex) / 2;
char *cipher = "aes";
char *cipher_mode = "cbc-essiv:sha256";
crypt_decode_key(key, mk_hex, key_size);
FAIL_(crypt_init(&cd, ""), "empty device string");
// default is "plain" hash - no password hash
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, NULL));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
// FIXME: this should get key from active device?
//OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
//OK_(memcmp(key, key2, key_size));
OK_(crypt_deactivate(cd, CDEVICE_1));
crypt_free(cd);
// Now use hashed password
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, &params));
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
// device status check
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1);
fd = open(path, O_RDONLY);
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_BUSY);
FAIL_(crypt_deactivate(cd, CDEVICE_1), "Device is busy");
close(fd);
OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
// retrieve volume key check
memset(key2, 0, key_size);
key_size--;
// small buffer
FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer");
key_size++;
OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
OK_(memcmp(key, key2, key_size));
OK_(strcmp(cipher, crypt_get_cipher(cd)));
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
EQ_(key_size, crypt_get_volume_key_size(cd));
EQ_(0, crypt_get_data_offset(cd));
OK_(crypt_deactivate(cd, CDEVICE_1));
crypt_free(cd);
}
static void UseLuksDevice(void)
{
struct crypt_device *cd;
char key[128];
size_t key_size;
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
key_size = 16;
OK_(strcmp("aes", crypt_get_cipher(cd)));
OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));
OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));
EQ_(key_size, crypt_get_volume_key_size(cd));
EQ_(1032, crypt_get_data_offset(cd));
EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
OK_(crypt_volume_key_verify(cd, key, key_size));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
key[1] = ~key[1];
FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
crypt_free(cd);
}
static void SuspendDevice(void)
{
int suspend_status;
struct crypt_device *cd;
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
suspend_status = crypt_suspend(cd, CDEVICE_1);
if (suspend_status == -ENOTSUP) {
printf("WARNING: Suspend/Resume not supported, skipping test.\n");
goto out;
}
OK_(suspend_status);
FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
OK_(_prepare_keyfile(KEYFILE1, KEY1));
OK_(crypt_suspend(cd, CDEVICE_1));
FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
OK_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0));
FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
_remove_keyfiles();
out:
OK_(crypt_deactivate(cd, CDEVICE_1));
crypt_free(cd);
}
static void AddDeviceLuks(void)
{
struct crypt_device *cd;
struct crypt_params_luks1 params = {
.hash = "sha512",
.data_alignment = 2048, // 4M, data offset will be 4096
};
char key[128], key2[128];
char *passphrase = "blabla";
char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
size_t key_size = strlen(mk_hex) / 2;
char *cipher = "aes";
char *cipher_mode = "cbc-essiv:sha256";
crypt_decode_key(key, mk_hex, key_size);
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));
// even with no keyslots defined it can be activated by volume key
OK_(crypt_volume_key_verify(cd, key, key_size));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_2));
// now with keyslot
EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_2));
FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
key[1] = ~key[1];
FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
key[1] = ~key[1];
EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));
EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
OK_(crypt_keyslot_destroy(cd, 7));
EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
OK_(crypt_volume_key_verify(cd, key2, key_size));
OK_(memcmp(key, key2, key_size));
OK_(strcmp(cipher, crypt_get_cipher(cd)));
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
EQ_(key_size, crypt_get_volume_key_size(cd));
EQ_(4096, crypt_get_data_offset(cd));
reset_log();
crypt_set_log_callback(cd, &new_log, NULL);
OK_(crypt_dump(cd));
OK_(!(global_lines != 0));
crypt_set_log_callback(cd, NULL, NULL);
reset_log();
FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
crypt_free(cd);
}
// Check that gcrypt is properly initialised in format
static void NonFIPSAlg(void)
{
struct crypt_device *cd;
struct crypt_params_luks1 params = {
.hash = "whirlpool",
};
char key[128] = "";
size_t key_size = 128;
char *cipher = "aes";
char *cipher_mode = "cbc-essiv:sha256";
if (!gcrypt_compatible) {
printf("WARNING: old libgcrypt, skipping test.\n");
return;
}
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));
crypt_free(cd);
}
static void _gcrypt_compatible()
{
int maj, min, patch;
FILE *f;
if (!(f = popen("libgcrypt-config --version", "r")))
return;
if (fscanf(f, "%d.%d.%d", &maj, &min, &patch) == 3 &&
maj >= 1 && min >= 4)
gcrypt_compatible = 1;
if (_debug)
printf("libgcrypt version %d.%d.%d detected.\n", maj, min, patch);
(void)fclose(f);
return;
}
int main (int argc, char *argv[])
{
int i;
if (getuid() != 0) {
printf("You must be root to run this test.\n");
exit(0);
}
for (i = 1; i < argc; i++) {
if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i]))
_verbose = 1;
else if (!strcmp("--debug", argv[i]))
_debug = _verbose = 1;
}
_cleanup();
_setup();
_gcrypt_compatible();
crypt_set_debug_level(_debug ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
RUN_(NonFIPSAlg, "Crypto is properly initialised in format"); //must be the first!
RUN_(LuksUUID, "luksUUID API call");
RUN_(IsLuks, "isLuks API call");
RUN_(LuksOpen, "luksOpen API call");
RUN_(query_device, "crypt_query_device API call");
RUN_(remove_device, "crypt_remove_device API call");
RUN_(LuksFormat, "luksFormat API call");
RUN_(LuksKeyGame, "luksAddKey, RemoveKey, KillSlot API calls");
RUN_(DeviceResizeGame, "regular crypto, resize calls");
RUN_(AddDevicePlain, "plain device API creation exercise");
RUN_(AddDeviceLuks, "Format and use LUKS device");
RUN_(UseLuksDevice, "Use pre-formated LUKS device");
RUN_(SuspendDevice, "Suspend/Resume test");
_cleanup();
return 0;
}

149
tests/compat-test
View File

@@ -1,149 +0,0 @@
#!/bin/bash
CRYPTSETUP=../src/cryptsetup
LOOPDEV=/dev/loop5
DEV_NAME=dummy
DEV_NAME2=dummy2
ORIG_IMG=luks-test-orig
IMG=luks-test
IMG1=luks-test1
KEY1=key1
LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
KEY_SLOT0="S208-211 S212-215 R216-247 S248-251 S251-255"
KEY_MATERIAL0="R4096-68096"
KEY_MATERIAL0_EXT="R4096-68096"
KEY_SLOT1="S256-259 S260-263 R264-295 S296-299 S300-303"
KEY_MATERIAL1="R69632-133632"
KEY_MATERIAL1_EXT="S69632-133632"
function remove_mapping()
{
[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $ORIG_IMG $IMG $IMG1 $KEY1 >/dev/null 2>&1
}
function fail()
{
remove_mapping
echo "FAILED"
exit 2
}
function prepare()
{
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run this test, test skipped."
exit 0
fi
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
if [ ! -e $KEY1 ]; then
dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
fi
if [ ! -e $IMG ]; then
bzip2 -cd compatimage.img.bz2 > $IMG
losetup -d $LOOPDEV >/dev/null 2>&1
losetup $LOOPDEV $IMG
fi
cp $IMG $ORIG_IMG
[ -n "$1" ] && echo "CASE: $1"
}
function check()
{
sync
./fileDiffer.py $IMG $ORIG_IMG $1|| fail
}
function check_exists()
{
[ -b /dev/mapper/$DEV_NAME ] || fail
check $1
}
# LUKS tests
prepare "[1] open - compat image - acceptance check"
echo "compatkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
check_exists
prepare "[2] open - compat image - denial check"
echo "wrongkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
check
# All headers items and first key material section must change
prepare "[3] format"
echo "key0" | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
prepare "[4] format using hash sha512"
echo "key0" | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
prepare "[5] open"
echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
check_exists
# Key Slot 1 and key material section 1 must change, the rest must not.
prepare "[6] add key"
echo -e "key0\nkey1" | $CRYPTSETUP luksAddKey $LOOPDEV || fail
check "$KEY_SLOT1 $KEY_MATERIAL1"
echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
# Unsuccessful Key Delete - nothing may change
prepare "[7] unsuccessful delete"
echo "invalid" | $CRYPTSETUP luksDelKey $LOOPDEV 1 && fail
check
# Delete Key Test
# Key Slot 1 and key material section 1 must change, the rest must not
prepare "[8] successful delete"
$CRYPTSETUP -q luksDelKey $LOOPDEV 1 || fail
check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
# Key Slot 1 and key material section 1 must change, the rest must not
prepare "[9] add key test for key files"
echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 || fail
check "$KEY_SLOT1 $KEY_MATERIAL1"
$CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
# Key Slot 1 and key material section 1 must change, the rest must not
prepare "[10] delete key test with key1 as remaining key"
$CRYPTSETUP -d $KEY1 luksDelKey $LOOPDEV 0 || fail
check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
# Delete last slot
prepare "[11] delete last key"
echo "key0" | $CRYPTSETUP luksFormat $LOOPDEV || fail
echo "key0" | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail
echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
# Format test for ESSIV, and some other parameters.
prepare "[12] parameter variation test"
$CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV $KEY1 || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
$CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
prepare "[13] open/close - stacked devices"
echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
echo "key0" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
echo "key0" | $CRYPTSETUP -q luksFormat /dev/mapper/$DEV_NAME || fail
echo "key0" | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
$CRYPTSETUP -q luksClose $DEV_NAME2 || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
remove_mapping
exit 0