[Pkg-cryptsetup-devel] Bug#305366: marked as done (cryptsetup: Please integrate LUKS support)

Debian Bug Tracking System owner at bugs.debian.org
Sun Jan 22 16:33:37 UTC 2006


Your message dated Sun, 22 Jan 2006 17:13:39 +0100
with message-id <20060122161339.GB11186 at freesources.org>
and subject line cryptsetup 2:1.0.1-11 with luks support uploaded to debian
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Tue, 19 Apr 2005 18:40:42 +0200
From: Michael Gebetsroither <michael.geb at gmx.at>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: cryptsetup: Please integrate LUKS support
Message-ID: <20050419164042.GA14752 at god>

Package: cryptsetup
Severity: wishlist
Tags: patch

Hi,

Please integrate LUKS support into cryptsetup.

LUKS: "Linux Unified Key Setup" [0]
| LUKS is the upcoming standard for Linux hard disk encryption. By
| providing a standard on-disk-format, it does not only facilitate
| compatibility among distributions, but also provide secure
| management of multiple user passwords. In contrast to existing
| solution, LUKS stores all setup necessary setup information in the
| partition header, enabling the user to transport or migrate his data
| seamlessly.

There is already a cryptsetup package with LUKS support, currently
maintained by myself[1].

I've integrated all the LUKS-specific changes into your
cryptsetup-20050111-2.
The patch for cryptsetup-20050111-2 to LUKS 1.0 is at [2] or in the
attachment:

[0]: http://luks.endorphin.org/
[1]: http://einsteinmg.dyndns.org/debian/
[2]: http://einsteinmg.dyndns.org/projects/cryptsetup-luks/patch_cryptsetup-20050111-2_cryptsetup-luks_1.0-4

thx & cu
Michael Gebetsroither

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.7
Locale: LANG=en_IE at euro, LC_CTYPE=en_IE at euro (charmap=ISO-8859-15)

Versions of packages cryptsetup depends on:
ii  dmsetup                     2:1.01.00-4  The Linux Kernel Device Mapper use
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
pn  libdevmapper1.00                         Not found.
ii  libgcrypt11                 1.2.0-11     LGPL Crypto library - runtime libr
ii  libgpg-error0               1.0-1        library for common error values an
ii  libpopt0                    1.7-5        lib for parsing cmdline parameters
-- 
/*The only secure computer is one that's unplugged, locked in a
safe, and buried 20 feet under the ground in a secret location...
and i'm not even too sure about that one.*/

--J/dobhs11T7y2rNN
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment; filename="patch_cryptsetup-20050111-2_cryptsetup-luks_1.0-4"
Content-Transfer-Encoding: quoted-printable

diff -Naurp cryptsetup-20050111/AUTHORS cryptsetup-luks-1.0/AUTHORS
--- cryptsetup-20050111/AUTHORS	2004-03-04 00:42:03.000000000 +0100
+++ cryptsetup-luks-1.0/AUTHORS	2005-04-02 23:08:13.000000000 +0200
@@ -1 +1,2 @@
 Christophe Saout <christophe at saout.de>
+Clemens Fruhwirth <clemens at endorphin.org>
diff -Naurp cryptsetup-20050111/ChangeLog cryptsetup-luks-1.0/ChangeLog
--- cryptsetup-20050111/ChangeLog	2004-04-13 19:28:53.000000000 +0200
+++ cryptsetup-luks-1.0/ChangeLog	2005-04-02 23:28:45.000000000 +0200
@@ -1,3 +1,40 @@
+2005-03-25  Clemens Fruhwirth  <clemens at endorphin.org>
+
+	* configure.in: man page Makefile. Version bump 1.0.
+
+	* man/cryptsetup.8: finalize man page and move to section 8.
+
+	* src/cryptsetup.c (action_luksFormat): Add "are you sure" for interactiv=
e sessions.
+
+	* lib/setup.c (crypt_luksDump), src/cryptsetup.c: add LUKS dump command
+
+2005-03-24  Clemens Fruhwirth  <clemens at endorphin.org>
+
+	* src/cryptsetup.c, luks/Makefile.am (test), lib/setup.c (setup_enter):=
=20
+	rename luksInit to luksFormat
+
+2005-03-12  Clemens Fruhwirth  <clemens at endorphin.org>
+
+	* man/cryptsetup.1: Add man page.
+
+	* lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the
+	phdr is written after passphrase reading, so the user can change
+	his mind, and not have a partial written LUKS header on it's disk.
+=09
+2005-02-09  Clemens Fruhwirth  <clemens at endorphin.org>
+
+	* luks/keymanage.c (LUKS_write_phdr): converted argument phdr to
+	pointer, and make a copy of phdr for conversion
+
+	* configure.in: Version dump.
+
+	* luks/keyencryption.c: Convert to read|write_blockwise.
+
+	* luks/keymanage.c: Convert to read|write_blockwise.
+
+	* lib/utils.c: Add read|write_blockwise functions, to use in
+	O_DIRECT file accesses.=20
+
 2004-03-11 Thursday 15:52   Christophe Saout <christophe at saout.de>
=20
 	* lib/blockdev.h: BLKGETSIZE64 really uses size_t as third
diff -Naurp cryptsetup-20050111/configure.in cryptsetup-luks-1.0/configure.=
in
--- cryptsetup-20050111/configure.in	2004-04-13 19:28:53.000000000 +0200
+++ cryptsetup-luks-1.0/configure.in	2005-04-02 23:38:24.000000000 +0200
@@ -1,5 +1,5 @@
 AC_PREREQ(2.57)
-AC_INIT(cryptsetup,0.2)
+AC_INIT(cryptsetup-luks,1.0)
 AC_CONFIG_SRCDIR(src/cryptsetup.c)
=20
 AM_CONFIG_HEADER([config.h:config.h.in])
@@ -16,16 +16,27 @@ AC_PROG_CC
 AC_PROG_CPP
 AC_PROG_INSTALL
 AC_PROG_MAKE_SET
+AC_ENABLE_STATIC(no)
 AM_PROG_LIBTOOL
=20
 AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
 	ctype.h unistd.h locale.h)
+
+AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR('You need the uuid library (fr=
om e2fsprogs)')])
+
+saved_LIBS=3D"$LIBS"
+AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR('You need the uuid library (=
=66rom e2fsprogs)')])
+UUID_LIBS=3D"$LIBS"
+LIBS=3D"$saved_LIBS"
+AC_SUBST(UUID_LIBS)
+
 AC_CHECK_FUNCS(setlocale)
=20
=20
 AC_C_CONST
+AC_C_BIGENDIAN
 AC_TYPE_OFF_T
 AC_STRUCT_ST_RDEV
 AC_SYS_LARGEFILE
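Review bot: The two AC_MSG_ERROR calls in the uuid checks wrap their message in single quotes, which m4 does not treat as quoting, so the quote characters end up in the printed error text. Use Autoconf quoting instead, as in AC_MSG_ERROR([You need the uuid library (from e2fsprogs)]). Also, because AC_CHECK_LIB is called with an empty action-if-found, UUID_LIBS="$LIBS" captures -luuid plus everything that was already in LIBS, not just the uuid library; setting UUID_LIBS=-luuid in the action-if-found argument would make the substituted variable say what its name promises.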
@@ -98,9 +109,15 @@ AM_CONDITIONAL(SHARED_LIBDEVMAPPER, test
=20
 dnl =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
=20
+AM_CONDITIONAL(STATIC_CRYPTSETUP, test x$enable_static =3D xyes)
+AM_CONDITIONAL(DYNAMIC_CRYPTSETUP, test x$enable_static =3D xno)
+
+dnl =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
+
 AC_OUTPUT([
 Makefile
 lib/Makefile
 src/Makefile
 po/Makefile.in
+luks/Makefile
 ])
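Review bot: STATIC_CRYPTSETUP and DYNAMIC_CRYPTSETUP are tested independently against xyes and xno, so any other value of enable_static leaves both conditionals false, and libtool's --enable-static accepts a package list as well as yes/no. Define the second conditional as the negation of the first (test "x$enable_static" != xyes) and quote the expansion in both tests.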
diff -Naurp cryptsetup-20050111/debian/changelog cryptsetup-luks-1.0/debian=
/changelog
--- cryptsetup-20050111/debian/changelog	2005-02-09 18:02:53.000000000 +0100
+++ cryptsetup-luks-1.0/debian/changelog	2005-04-19 17:29:05.000000000 +0200
@@ -1,120 +1,74 @@
-cryptsetup (20050111-2) unstable; urgency=3Dlow
+cryptsetup-luks (1.0-4) unstable; urgency=3Dlow
=20
-  * autogen.sh calls autopoint (gettext), which needs cvs
-  * Removed reference to patch for mkinitrd-tools (closes: #290017)
+  * cleand source-tree for submitting a wishlist repost into debian BTS
=20
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Wed, 12 Jan 2005 13=
:34:38 +0100
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Tue, 19 Apr 2005 17:28:40 =
+0200
=20
-cryptsetup (20050111-1) unstable; urgency=3Dlow
+cryptsetup-luks (1.0-3) unstable; urgency=3Dlow
=20
-  * Switched to using CVS
-    - important new option '-r' supports read-only media (eg: dvds)
-    - requires a new cryptdisks option: readonly
-    - use install rule instead of manual cp
-    - relink cryptsetup manually
-    - install the library and header (small)
-  * using autogen.sh
-    - no longer need to patch broken config*
-    - depends on autoconf, automake1.8, libtool, gettext
-    - attempt to clean all files produced by autogen.sh
-  * Applied patches from Bastian Kleineidam <calvin at debian.org>
-    - CryptoSwap.HowTo (closes: #287689)
-    - fix web page links (closes: #271475)
-    - accept more comments (closes: #287676)
-    - added manpage for crypttab (closes: #279015)
-    - improved manpage for cryptsetup (closes: #274666)
-      - also thanks to Thorsten Gunkel for an earlier version
-    - thanks for all the improvements!
-  * Applied startup script help patch from Marco Bertorello (closes: #2770=
78)
-  * Included Volker Sauer's hotplug script for automounting an encrypted
-    volume once the keys are plugged in via a usb stick (usbcrypto.hotplug)
-  * Included script for booting using keys on a usbstick (closes: #266137)
-  * Included another usb script from Stephan A Suerken
-
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Tue, 11 Jan 2005 16=
:24:49 +0100
-
-cryptsetup (0.1-6) unstable; urgency=3Dlow
-
-  * Don't load module loop if it is compiled in (closes: #270836)
-
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Fri, 10 Sep 2004 21=
:39:21 +0200
-
-cryptsetup (0.1-5) unstable; urgency=3Dlow
-
-  * Changed default runlevel to rcS.d/S28 to load after evms (closes: #269=
222)
-    - also shutdown at rc0.d/S48
-
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Wed,  8 Sep 2004 22=
:41:04 +0200
-
-cryptsetup (0.1-4) unstable; urgency=3Dmedium
-
-  * Applied patch from Martin Dickopp to fix ls bug
-    - not using stat b/c it is in /usr/bin which is not available
-    - (closes: #262381, #259980)
-  * Added support to disable cryptdisks at bootup (closes: #261268)
-    - rejected the provided patch as it was too invasive
-    - debhelper can not be entrusted with setting up Sxx links b/c cryptdi=
sks
-      must be started immediately after lvm, prior to filesystem mount
-  * Added loopback support contributed from Dmitry Borodaenko
-    - deconfigure loop device only if we are certain we configured it
-    - (closes: #266053)
-  * Empty line fix from Holger Ruckdeschel
-    - also applied to stop
-  * Sorry for the very late upload; I was away.
-
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Sun, 29 Aug 2004 02=
:46:32 +0200
-
-cryptsetup (0.1-3) unstable; urgency=3Dlow
-
-  * Fix test to not use '-a' in cryptdisks (closes: #259607)
-  * Allow /dev/*random (closes: #257928)
-  * Don't assume $key must be a file (devices, fifos, etc) (closes: #25846=
3)
-
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Fri, 16 Jul 2004 15=
:48:30 +0200
-
-cryptsetup (0.1-2) unstable; urgency=3Dlow
-
-  * Included patches from Tino Keitel; thanks!
-    - Check keyfile existence before proceeding (closes: #257049)
-    - Add support for more options in crypttab  (closes: #257045)
-  * Conflict with hashalot (<=3D 0.3-1) (closes: #255676)
-  * Add a prototype CryptoRoot.HowTo  (closes: #256235)
-
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Sun,  4 Jul 2004 13=
:01:49 +0200
-
-cryptsetup (0.1-1) unstable; urgency=3Dlow
-
-  * Package uploaded to debian (closes: #237716)
-  * Forced static linking to libgcrypt and libgpg-error
-    - needed so that /sbin/cryptsetup does not need /usr/lib/*
-    - otherwise could not be used to mount /usr (!!)
-  * Wrote preinst, postinst, and postrm
-    - setup init script links (right after lvm)
-    - create a blank /etc/crypttab and /etc/keys dir
-  * Included a startup script to configure disks
-    - sets up all devices listed in /etc/crypttab
-    - detects whether or not changes will work
-  * Cleaned up debian/ directory
-    - removed all example files
-    - added a package description
-    - include Build-Depends
-    - depend on dmsetup
-    - updated standards version
-  * New maintainer
-    - relabeled previous versions to -0.x to appease dupload
-
- -- Wesley W. Terpstra (Debian) <terpstra at debian.org>  Sat,  5 Jun 2004 23=
:29:11 +0200
-
-cryptsetup (0.1-0.2) unstable; urgency=3Dlow
-
-  * Add README.html
-  * cryptsetup in /sbin directory
-
- -- Milan Kocian <milon at wq.cz>  Thu, 18 Mar 2004 13:27:50 +0100
-
-cryptsetup (0.1-0.1) unstable; urgency=3Dlow
-
-  * Initial Release.
-  * This is my first Debian package
- =20
- -- Milan Kocian <milon at wq.cz>  Thu, 18 Mar 2004 09:28:18 +0100
+  * updatet dependencies (libdevmapper1.00 =3D> libdevmapper1.01)=20
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Tue, 19 Apr 2005 13:51:10 =
+0200
+
+cryptsetup-luks (1.0-2) unstable; urgency=3Dlow
+
+  * replaced original debian cryptsetup manpage with manpage from
+    cryptsetup-luks=20
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Sun,  3 Apr 2005 13:33:55 =
+0200
+
+cryptsetup-luks (1.0-1) unstable; urgency=3Dlow
+
+  * new upstream release
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Sat,  2 Apr 2005 23:29:43 =
+0200
+
+cryptsetup-luks (0.993-3) unstable; urgency=3Dlow
+
+  * fixed dependencis=20
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Sun, 13 Feb 2005 01:28:11 =
+0100
+
+cryptsetup-luks (0.993-2) unstable; urgency=3Dlow
+
+  * fixed a few source problems
+  * fixed post/pre install scripts
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Sat, 12 Feb 2005 16:18:07 =
+0100
+
+cryptsetup-luks (0.993-1) unstable; urgency=3Dlow
+
+  * synced with luks upstream=20
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Sat, 12 Feb 2005 15:50:21 =
+0100
+
+cryptsetup-luks (0.992-5) unstable; urgency=3Dlow
+
+  * fixed a few problems in den debian source package=20
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Sat, 12 Feb 2005 04:22:30 =
+0100
+
+cryptsetup-luks (0.992-4) unstable; urgency=3Dlow
+
+  * debianized the package
+  * cleand up build system
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Sat, 12 Feb 2005 00:12:43 =
+0100
+
+cryptsetup-luks (0.992-3) unstable; urgency=3Dlow
+
+  * Fixed typo
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Fri, 11 Feb 2005 18:38:42 =
+0100
+
+cryptsetup-luks (0.992-2) unstable; urgency=3Dlow
+
+  * Added note within description=20
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Fri, 11 Feb 2005 18:21:03 =
+0100
+
+cryptsetup-luks (0.992-1) unstable; urgency=3Dlow
+
+  * "integrated LUKS" support (very messy hack)
+
+ -- Michael Gebetsroither <michael.geb at gmx.at>  Thu, 10 Feb 2005 18:16:21 =
+0100
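Review bot: The existing cryptsetup changelog history (0.1-0.1 through 20050111-2, with the bug closures it records) should not be dropped. For integration into the existing package, keep those entries and add the LUKS work as new entries on top of them. Note also that the new version numbers (1.0-4) sort below the current 20050111-2, so shipping them under the cryptsetup package name would need an epoch.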
diff -Naurp cryptsetup-20050111/debian/control cryptsetup-luks-1.0/debian/c=
ontrol
--- cryptsetup-20050111/debian/control	2005-02-09 18:02:53.000000000 +0100
+++ cryptsetup-luks-1.0/debian/control	2005-04-19 17:28:26.000000000 +0200
@@ -1,14 +1,15 @@
-Source: cryptsetup
+Source: cryptsetup-luks
 Section: admin
 Priority: optional
-Maintainer: Wesley W. Terpstra (Debian) <terpstra at debian.org>
+Maintainer: Michael Gebetsroither <michael.geb at gmx.at>
 Build-Depends: debhelper (>=3D 4.0.0), libgcrypt11-dev, libdevmapper-dev, =
libpopt-dev, docbook-to-man, gettext, libtool, autoconf, automake1.8, cvs
 Standards-Version: 3.6.1.0
=20
-Package: cryptsetup
+Package: cryptsetup-luks
 Architecture: any
 Depends: ${shlibs:Depends}, dmsetup
-Conflicts: hashalot (<=3D 0.3-1)
+Conflicts: cryptsetup, hashalot (<=3D 0.3-1)
+Replaces: cryptsetup
 Description: configures encrypted block devices
  Since kernel 2.6.4, encrypted filesystem support is provided by the device
  mapper target dm-crypt. This utility provides a command-line interface for
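Review bot: Build-Depends is left unchanged in this hunk although the configure.in part of the patch now aborts without uuid/uuid.h and debian/rules links with -luuid. Add the uuid development package (uuid-dev) to Build-Depends so the package builds in a clean environment.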
@@ -21,4 +22,6 @@ Description: configures encrypted block=20
  initrd-tools and standard debian kernels, cryptoroot is also supported.
  .
  For information on how to convert your system to use encrypted filesystems
- please read /usr/share/doc/cryptsetup/CryptoRoot.HowTo .
+ please read /usr/share/doc/cryptsetup/CryptoRoot.HowTo.
+ .
+ This version of cryptsetup has integrated support for LUKS.
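Review bot: The description still sends readers to /usr/share/doc/cryptsetup/CryptoRoot.HowTo, but the binary package is renamed to cryptsetup-luks in this patch, so its documentation directory would be /usr/share/doc/cryptsetup-luks/. Update the path in the "please read" line, or confirm where the HowTo is actually installed.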
diff -Naurp cryptsetup-20050111/debian/copyright cryptsetup-luks-1.0/debian=
/copyright
--- cryptsetup-20050111/debian/copyright	2005-02-09 18:02:53.000000000 +0100
+++ cryptsetup-luks-1.0/debian/copyright	2005-04-02 23:08:13.000000000 +0200
@@ -1,9 +1,9 @@
-This package was debianized by Milan Kocian <milon at wq.cz> on
-Thu, 18 Mar 2004 09:28:18 +0100.
+This package was debianized by Michael Gebetsroither <michael.geb at gmx.at> =
 on
+Sat Feb 12 16:10:12 CET 2005
=20
-It was downloaded from http://www.saout.de/misc/dm-crypt/
+It was downloaded from http://clemens.endorphin.org/LUKS
=20
-Upstream Author: christophe at saout.de
+Upstream Author: Clemens Fruhwirth
=20
 This software is copyright (C) by Christophe Saout
=20
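Review bot: The copyright statement left as context ("This software is copyright (C) by Christophe Saout") is not extended for the LUKS code, while the man page added by this patch carries a "2004-2005 Clemens Fruhwirth" copyright line. Add a matching line here. The "debianized by Milan Kocian" credit and the saout.de download location are also replaced rather than kept alongside the new ones, which loses the provenance of the non-LUKS parts of the package.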
diff -Naurp cryptsetup-20050111/debian/cryptsetup.8 cryptsetup-luks-1.0/deb=
ian/cryptsetup.8
--- cryptsetup-20050111/debian/cryptsetup.8	1970-01-01 01:00:00.000000000 +=
0100
+++ cryptsetup-luks-1.0/debian/cryptsetup.8	2005-04-03 13:32:52.000000000 +=
0200
@@ -0,0 +1,147 @@
+.TH CRYPTSETUP "8" "March 2005" "cryptsetup 1.0" "Maintainance Commands"
+.SH NAME
+cryptsetup \- setup cryptographic volumes for dm-crypt (including LUKS ext=
ension)
+.SH SYNOPSIS
+
+.B cryptsetup <options> <action> <action args>
+
+.SH DESCRIPTION
+.\" Add any additional description here
+.PP
+cryptsetup is used to conveniently setup up dm-crypt managed device-mapper=
 mappings. For basic dm-crypt mappings, there are five operations.
+.SH ACTIONS
+These strings are valid for \fB<action>\fR, followed by their \fB<action a=
rgs>\fR:
+
+\fIcreate\fR <name> <device>
+.IP
+creates a mapping with <name> backed by device <device>.
+<options> can be [--hash, --cipher, --verify-passphrase, --key-file, --key=
-size, --offset, --skip, --readonly]
+.PP
+\fIremove\fR <name>
+.IP
+removes an existing mapping <name>. No options.
+.PP
+\fIstatus\fR <name>
+.IP
+reports the status for the mapping <name>. No options.
+.PP
+\fIreload\fR <name>
+.IP
+modifies an active mapping <name>. Same options as for create.
+.PP
+\fIresize\fR <name>
+.IP
+resizes an active mapping <name>. <options> must include --size=20
+.PP
+.br
+.SH LUKS EXTENSION
+
+LUKS, Linux Unified Key Setup, is a standard for hard disk encryption. It =
standardizes a partition header, as well as the format of the bulk data. LU=
KS can manage multiple passwords, that can be revoked effectively and that =
are protected against dictionary attacks with PBKDF2.=20
+
+These are valid LUKS actions:
+
+\fIluksFormat\fR <device> [<key file>]
+.IP
+initializes a LUKS partition and set the initial key, either via prompting=
 or via <key file>.
+<options> can be [--cipher, --verify-passphrase, --key-size]
+.PP
+\fIluksOpen\fR <device> <name>
+.IP
+opens the LUKS partition <device> and sets up a mapping <name> after succe=
ssful verification of the supplied key material (either via key file by --k=
ey-file, or via prompting).
+<options> can be [--key-file].
+.PP
+\fIluksClose\fR <name>
+.IP
+identical to \fIremove\fR.
+.PP
+\fIluksAddKey\fR <name> [<new key file>]
+.IP
+add a new key file/passphrase. An existing passphrase or key file (via --k=
ey-file) must be supplied. The key file with the new material is supplied a=
s after \fIluksAddKey\fR as positional argument. <options> can be [--key-fi=
le].
+.PP
+\fIluksDelKey\fR <key slot number>
+.IP
+remove key from key slot. No options.
+.PP
+\fIluksUUID\fR <device>
+.IP
+print UUID, if <device> has a LUKS header. No options.
+.PP
+\fIisLuks\fR <device>
+.IP
+returns true, if <device> is a LUKS partition. Otherwise, false. No option=
s.
+.PP
+\fIluksDump\fR <device>
+.IP
+dumps the header information of a LUKS partition. No options.
+.PP
+
+For more information about LUKS, see \fBhttp://luks.endorphin.org\fR
+.SH OPTIONS
+.TP
+.B "\-\-hash, \-h"
+specifies hash to use for password hashing. This option is only relevant f=
or the "create" action. The hash string is passed to libgcrypt, so all hash=
es accepted by gcrypt are supported.
+.TP
+.B "\-\-cipher, \-c"
+set cipher specification string. Usually, this is "aes-cbc-plain". For pre=
-2.6.10 kernels, use "aes-plain" as they don't understand the new cipher sp=
ec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
+.TP
+.B "\-\-verify-passphrase, \-y"
+query for passwords twice. Useful, when creating a (regular) mapping for t=
he first time, or when running \fIluksFormat\fR.
+.TP
+.B "\-\-key-file, \-d"
+use file as key material. With LUKS, key material supplied in key files vi=
a -d are always used for existing passphrases. If you want to set a new key=
 via a key file, you have to use a positional arg to \fIluksFormat\fR or \f=
IluksAddKey\fR.
+.TP
+.B "\-\-key-size, \-s"
+set key size in bits. Usually, this is 128, 192 or 256. Can be used for \f=
Icreate\fR or \fIluksFormat\fR, all other LUKS actions will ignore this fla=
g, as the key-size is specified by the partition header.
+.TP
+.B "\-\-size, \-b"
+force the size of the underlaying device in sectors.
+.TP
+.B "\-\-offset, \-o"
+start offset in the backend device.
+.TP
+.B "\-\-skip, \-p"
+how many sectors of the encrypted data to skip at the beginning. This is d=
ifferent from the --offset options with respect to IV calculations. Using -=
-offset will shift the IV calculcation by the same negative amount. Hence, =
if --offset \fIn\fR, sector \fIn\fR will be the first sector on the mapping=
 with IV \fI0\fR. Using --skip would have resulted in sector \fIn\fR being =
the first sector also, but with IV \fIn\fR.
+.TP
+.B "\-\-readonly"
+setup a read-only mapping.
+.TP
+.B "\-\-iter-time, \-i"
+The number of seconds to spend with PBKDF2 password processing. This optio=
ns is only relevant to LUKS key setting operations as \fIluksFormat\fR or \=
fIluksAddKey\fR.
+
+.SH NOTES ON PASSWORD PROCESSING FOR REGULAR MAPPINGS
+\fIFrom a file descriptor or a terminal\fR: Password processing is new-lin=
e sensitive, meaning the reading will stop after encountering \\n. It will =
processed the read material with the default hash or the hash given by --ha=
sh. After hashing it will be cropped to the key size given by -s (or defaul=
t 256bit).
+
+\fIFrom a key file\fR: It will be cropped to the size given by -s. If ther=
e is insufficient key material in the key file, cryptsetup will quit with a=
n error.
+.SH NOTES ON PASSWORD PROCESSING FOR LUKS
+Password processing is totally different for LUKS. LUKS uses PBKDF2 to pro=
tect against dictionary attacks (see RFC 2898).=20
+LUKS will always use SHA1 in HMAC mode, and no other mode is supported at =
the moment.=20
+Hence, -h is ignored.
+
+LUKS will always do an exhaustive password reading. Hence, password can no=
t be read from /dev/random, /dev/zero or any other stream, that does not te=
rminate.
+
+LUKS saves the processing options when a password is set to the respective=
 key slot.
+Therefore, no options can be given to luksOpen.=20
+For any password creation action (luksAddKey, or luksFormat), the user spe=
cify, how much the time the password processing should consume.=20
+Increasing the time will lead to a more secure password, but also will tak=
e luksOpen longer to complete. The default setting of one second is suffici=
ent for good security.
+.SH NOTES ON PASSWORDS
+Mathematic can't be bribed. Make sure you keep your passwords save. There =
are a few nice tricks for constructing a fallback, when suddely out of (or =
after being) blue, your brain refuses to cooperate. These fallbacks are pos=
sible with LUKS, as it's only possible with LUKS to have multiple passwords.
+.SH AUTHORS
+cryptsetup is written by Christophe Saout <christophe at saout.de>
+.br
+LUKS extensions, and man page by Clemens Fruhwirth <clemens at endorphin.org>
+.SH "REPORTING BUGS"
+Report bugs to <dm-crypt at saout.de>.
+.SH COPYRIGHT
+Copyright \(co 2004 Christophe Saout
+.br
+Copyright \(co 2004-2005 Clemens Fruhwirth
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+.SH "SEE ALSO"
+
+dm-crypt website, \fBhttp://www.saout.de/misc/dm-crypt/\fR
+
+LUKS website, \fBhttp://luks.endorphin.org\fR
+
+dm-crypt TWiki, \fBhttp://www.saout.de/tikiwiki/tiki-index.php\fR
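Review bot: luksDelKey is documented as taking only <key slot number>, with no device or mapping argument, so the page does not say which LUKS header the slot is removed from; luksAddKey likewise takes <name> while luksFormat, luksOpen, luksUUID, isLuks and luksDump take <device>. Please check both synopses against the code and state the target explicitly. Smaller points: --iter-time is missing from the <options> lists of luksFormat and luksAddKey even though OPTIONS says it applies to them, and the typos "Maintainance", "underlaying", "calculcation", "suddely" and "keep your passwords save" should be fixed.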
diff -Naurp cryptsetup-20050111/debian/cryptsetup-luks.postinst cryptsetup-=
luks-1.0/debian/cryptsetup-luks.postinst
--- cryptsetup-20050111/debian/cryptsetup-luks.postinst	1970-01-01 01:00:00=
=2E000000000 +0100
+++ cryptsetup-luks-1.0/debian/cryptsetup-luks.postinst	2005-04-02 23:08:13=
=2E000000000 +0200
@@ -0,0 +1,19 @@
+#! /bin/sh -e
+
+case "$1" in
+	configure)
+	update-rc.d cryptdisks start 28 S . start 48 0 6 .
+	;;
+=09
+	abort-upgrade|abort-remove|abort-deconfigure)
+	;;
+=09
+	*)
+	echo "postinst called with unknown argument '$1'" >&2
+	exit 1
+	;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff -Naurp cryptsetup-20050111/debian/cryptsetup-luks.postrm cryptsetup-lu=
ks-1.0/debian/cryptsetup-luks.postrm
--- cryptsetup-20050111/debian/cryptsetup-luks.postrm	1970-01-01 01:00:00.0=
00000000 +0100
+++ cryptsetup-luks-1.0/debian/cryptsetup-luks.postrm	2005-04-02 23:08:13.0=
00000000 +0200
@@ -0,0 +1,22 @@
+#! /bin/sh -e
+
+case "$1" in
+	remove)
+	;;
+=09
+	purge)
+	update-rc.d cryptdisks remove > /dev/null
+	;;
+=09
+	upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+	;;
+=09
+	*)
+	echo "postrm called with unknown argument '$1'" >&2
+	exit 1
+	;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff -Naurp cryptsetup-20050111/debian/cryptsetup-luks.preinst cryptsetup-l=
uks-1.0/debian/cryptsetup-luks.preinst
--- cryptsetup-20050111/debian/cryptsetup-luks.preinst	1970-01-01 01:00:00.=
000000000 +0100
+++ cryptsetup-luks-1.0/debian/cryptsetup-luks.preinst	2005-04-02 23:08:13.=
000000000 +0200
@@ -0,0 +1,32 @@
+#! /bin/sh -e
+
+create_etc_keys() {
+	[ -d /etc/keys/ ] || mkdir -p /etc/keys/
+}
+
+create_crypttab() {
+	if [ ! -f /etc/crypttab ]; then
+		cat <<-EOC >/etc/crypttab
+		# <target device> <source device> <key file> <options>
+		EOC
+	fi
+}
+
+case "$1" in
+	install)
+	create_etc_keys
+	create_crypttab
+	;;
+=09
+	upgrade|abort-upgrade)
+	;;
+=09
+	*)
+	echo "preinst called with unknown argument '$1'" >&2
+	exit 1
+	;;
+esac
+
+#DEBHELPER#
+
+exit 0
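Review bot: create_etc_keys creates /etc/keys/ with a plain mkdir -p, so a directory intended for key material gets whatever mode the umask allows. Create it root-only, for example with mkdir -m 0700 -p /etc/keys/ or install -d -m 0700 /etc/keys/. The three cryptsetup-luks.* maintainer scripts otherwise appear identical to the cryptsetup.* scripts removed further down, so this applies to the original as well.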
diff -Naurp cryptsetup-20050111/debian/cryptsetup.postinst cryptsetup-luks-=
1.0/debian/cryptsetup.postinst
--- cryptsetup-20050111/debian/cryptsetup.postinst	2005-02-09 18:02:53.0000=
00000 +0100
+++ cryptsetup-luks-1.0/debian/cryptsetup.postinst	1970-01-01 01:00:00.0000=
00000 +0100
@@ -1,19 +0,0 @@
-#! /bin/sh -e
-
-case "$1" in
-	configure)
-	update-rc.d cryptdisks start 28 S . start 48 0 6 .
-	;;
-=09
-	abort-upgrade|abort-remove|abort-deconfigure)
-	;;
-=09
-	*)
-	echo "postinst called with unknown argument '$1'" >&2
-	exit 1
-	;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff -Naurp cryptsetup-20050111/debian/cryptsetup.postrm cryptsetup-luks-1.=
0/debian/cryptsetup.postrm
--- cryptsetup-20050111/debian/cryptsetup.postrm	2005-02-09 18:02:53.000000=
000 +0100
+++ cryptsetup-luks-1.0/debian/cryptsetup.postrm	1970-01-01 01:00:00.000000=
000 +0100
@@ -1,22 +0,0 @@
-#! /bin/sh -e
-
-case "$1" in
-	remove)
-	;;
-=09
-	purge)
-	update-rc.d cryptdisks remove > /dev/null
-	;;
-=09
-	upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-	;;
-=09
-	*)
-	echo "postrm called with unknown argument '$1'" >&2
-	exit 1
-	;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff -Naurp cryptsetup-20050111/debian/cryptsetup.preinst cryptsetup-luks-1=
=2E0/debian/cryptsetup.preinst
--- cryptsetup-20050111/debian/cryptsetup.preinst	2005-02-09 18:02:53.00000=
0000 +0100
+++ cryptsetup-luks-1.0/debian/cryptsetup.preinst	1970-01-01 01:00:00.00000=
0000 +0100
@@ -1,32 +0,0 @@
-#! /bin/sh -e
-
-create_etc_keys() {
-	[ -d /etc/keys/ ] || mkdir -p /etc/keys/
-}
-
-create_crypttab() {
-	if [ ! -f /etc/crypttab ]; then
-		cat <<-EOC >/etc/crypttab
-		# <target device> <source device> <key file> <options>
-		EOC
-	fi
-}
-
-case "$1" in
-	install)
-	create_etc_keys
-	create_crypttab
-	;;
-=09
-	upgrade|abort-upgrade)
-	;;
-=09
-	*)
-	echo "preinst called with unknown argument '$1'" >&2
-	exit 1
-	;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff -Naurp cryptsetup-20050111/debian/rules cryptsetup-luks-1.0/debian/rul=
es
--- cryptsetup-20050111/debian/rules	2005-02-09 18:02:53.000000000 +0100
+++ cryptsetup-luks-1.0/debian/rules	2005-04-03 13:41:18.000000000 +0200
@@ -36,11 +36,11 @@ build: build-stamp
=20
 build-stamp:  config.status
 	dh_testdir
-	docbook-to-man debian/cryptsetup.sgml > debian/cryptsetup.8
+	#docbook-to-man debian/cryptsetup.sgml > debian/cryptsetup.8
 	docbook-to-man debian/crypttab.sgml > debian/crypttab.5
 	$(MAKE)
 	# cannot depend on libraries in /usr !
-	gcc lib/*.o src/*.o -o src/cryptsetup.static -lpopt -ldevmapper \
+	gcc lib/.libs/*.o src/*.o luks/.libs/*.o -o src/cryptsetup.static -lpopt =
-ldevmapper -luuid \
 		/usr/lib/libgcrypt.a /usr/lib/libgpg-error.a
 	touch build-stamp
=20
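Review bot: The static link line now globs lib/.libs/*.o and luks/.libs/*.o, which are libtool's internal objects and only exist as a side effect of how libtool builds the shared library; with AC_ENABLE_STATIC(no) set in configure.in there are no regular static objects to use instead. Building the static binary through the STATIC_CRYPTSETUP conditional that configure.in now defines, or linking against the libtool archives, would be less fragile than reaching into .libs. The docbook-to-man line for cryptsetup.8 should be deleted rather than commented out.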
@@ -52,7 +52,8 @@ clean:
 	if test -f Makefile; then $(MAKE) clean; fi
 	if test -f config.mess; then rm -f `cat config.mess`; fi
=20
-	rm -f debian/cryptsetup.8 debian/crypttab.5 config.mess
+	#rm -f debian/cryptsetup.8 debian/crypttab.5 config.mess
+	rm -f debian/crypttab.5 config.mess
 	rm -rf autom4te.cache m4
 	rm -f src/cryptsetup.static
=20
@@ -64,13 +65,13 @@ install: build
 	dh_clean -k=20
 	dh_installdirs
=20
-	$(MAKE) DESTDIR=3D$(CURDIR)/debian/cryptsetup install
-	cp src/cryptsetup.static $(CURDIR)/debian/cryptsetup/sbin/cryptsetup
+	$(MAKE) DESTDIR=3D$(CURDIR)/debian/cryptsetup-luks install
+	cp src/cryptsetup.static $(CURDIR)/debian/cryptsetup-luks/sbin/cryptsetup
=20
-	install debian/cryptdisks $(CURDIR)/debian/cryptsetup/etc/init.d
-	install -m 0644 debian/cryptdisks.default $(CURDIR)/debian/cryptsetup/etc=
/default/cryptdisks
-	install -m 0644 debian/cryptsetup.8 $(CURDIR)/debian/cryptsetup/usr/share=
/man/man8
-	install -m 0644 debian/crypttab.5 $(CURDIR)/debian/cryptsetup/usr/share/m=
an/man5
+	install debian/cryptdisks $(CURDIR)/debian/cryptsetup-luks/etc/init.d
+	install -m 0644 debian/cryptdisks.default $(CURDIR)/debian/cryptsetup-luk=
s/etc/default/cryptdisks
+	install -m 0644 debian/cryptsetup.8 $(CURDIR)/debian/cryptsetup-luks/usr/=
share/man/man8
+	install -m 0644 debian/crypttab.5 $(CURDIR)/debian/cryptsetup-luks/usr/sh=
are/man/man5
=20
 binary-indep: build install
 # We have nothing to do by default.
diff -Naurp cryptsetup-20050111/lib/internal.h cryptsetup-luks-1.0/lib/inte=
rnal.h
--- cryptsetup-20050111/lib/internal.h	2004-03-09 21:41:38.000000000 +0100
+++ cryptsetup-luks-1.0/lib/internal.h	2005-04-02 23:08:13.000000000 +0200
@@ -7,6 +7,7 @@
=20
 #include <stdint.h>
 #include <stdarg.h>
+#include <unistd.h>
=20
 #define SECTOR_SHIFT		9
 #define SECTOR_SIZE		(1 << SECTOR_SHIFT)
@@ -60,4 +61,7 @@ int hash(const char *backend_name, const
 struct setup_backend *get_setup_backend(const char *name);
 void put_setup_backend(struct setup_backend *backend);
=20
+ssize_t write_blockwise(int fd, const void *buf, size_t count);
+ssize_t read_blockwise(int fd, void *_buf, size_t count);
+
 #endif /* INTERNAL_H */
diff -Naurp cryptsetup-20050111/lib/libcryptsetup.h cryptsetup-luks-1.0/lib=
/libcryptsetup.h
--- cryptsetup-20050111/lib/libcryptsetup.h	2004-03-10 17:50:00.000000000 +=
0100
+++ cryptsetup-luks-1.0/lib/libcryptsetup.h	2005-04-02 23:08:13.000000000 +=
0200
@@ -3,9 +3,8 @@
=20
 #include <stdint.h>
=20
-#define	CRYPT_FLAG_PASSPHRASE	(1 << 0)
-#define	CRYPT_FLAG_VERIFY	(1 << 1)
-#define CRYPT_FLAG_READONLY	(1 << 2)
+#define	CRYPT_FLAG_VERIFY	(1 << 0)
+#define CRYPT_FLAG_READONLY	(1 << 1)
=20
 struct crypt_options {
 	const char	*name;
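Review bot: Removing CRYPT_FLAG_PASSPHRASE and shifting CRYPT_FLAG_VERIFY and CRYPT_FLAG_READONLY down one bit changes the numeric meaning of flags in a public header: a caller built against the old header that passes (1 << 1) for VERIFY would now be requesting READONLY. Keep the existing bit positions and leave bit 0 reserved, or change the library version together with this hunk.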
@@ -17,13 +16,16 @@ struct crypt_options {
 	const char	*passphrase;
 	int		passphrase_fd;
 	const char	*key_file;
+	const char	*new_key_file;=09
 	int		key_size;
-
+=09
 	unsigned int	flags;
+	int 	key_slot;
=20
 	uint64_t	size;
 	uint64_t	offset;
 	uint64_t	skip;
+	uint64_t        iteration_time;
 };
=20
 int crypt_create_device(struct crypt_options *options);
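Review bot: new_key_file and key_slot are inserted in the middle of struct crypt_options, which moves the offsets of key_size, flags, size, offset and skip for anything compiled against the old layout. Append the new members at the end of the struct instead, and document the unit of iteration_time here; the callers in setup.c divide it by 1000, which suggests milliseconds. The added lines also carry trailing tabs.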
diff -Naurp cryptsetup-20050111/lib/libdevmapper.c cryptsetup-luks-1.0/lib/=
libdevmapper.c
--- cryptsetup-20050111/lib/libdevmapper.c	2004-06-03 16:33:44.000000000 +0=
200
+++ cryptsetup-luks-1.0/lib/libdevmapper.c	2005-04-02 23:08:13.000000000 +0=
200
@@ -44,6 +44,16 @@ static void dm_exit(void)
 	dm_lib_release();
 }
=20
+static void flush_dm_workqueue(void)
+{
+	/*=20
+	 * Unfortunately this is the only way to trigger libdevmapper's
+	 * update_nodes function=20
+	 */=20
+	dm_exit();=20
+	dm_init();
+}
+
 static char *__lookup_dev(char *path, dev_t dev)
 {
 	struct dirent *entry;
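Review bot: flush_dm_workqueue tears down and re-initialises the whole library state (dm_exit(); dm_init();) only to get a side effect, and the later hunks call it on every exit path of dm_create_device and dm_remove_device, including the failure paths where no node changed. Call it only after a successful create or remove, and expand the comment to say which symptom appears without it so the workaround can be removed once libdevmapper offers a direct call.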
@@ -175,7 +185,7 @@ static int dm_create_device(int reload,=20
 		options->flags |=3D CRYPT_FLAG_READONLY;
=20
 	r =3D 0;
-
+=09
 out:
 	if (r < 0 && !reload) {
 		char *error =3D (char *)get_error();
@@ -200,6 +210,7 @@ out_restore_error:
 		safe_free(params);
 	if (dmt)
 		dm_task_destroy(dmt);
+	flush_dm_workqueue();
 	return r;
 }
=20
@@ -339,9 +350,11 @@ static int dm_remove_device(struct crypt
 out:=09
 	if (dmt)
 		dm_task_destroy(dmt);
+	flush_dm_workqueue();
 	return r;
 }
=20
+
 static const char *dm_get_dir(void)
 {
 	return dm_dir();
diff -Naurp cryptsetup-20050111/lib/Makefile.am cryptsetup-luks-1.0/lib/Mak=
efile.am
--- cryptsetup-20050111/lib/Makefile.am	2004-03-09 16:03:01.000000000 +0100
+++ cryptsetup-luks-1.0/lib/Makefile.am	2005-04-02 23:08:13.000000000 +0200
@@ -26,6 +26,7 @@ endif
=20
 INCLUDES =3D \
 	-I$(top_srcdir)				\
+	-I$(top_srcdir)/luks			\
 	-DDATADIR=3D\""$(datadir)"\"		\
 	-DLIBDIR=3D\""$(libdir)"\"		\
 	-DPREFIX=3D\""$(prefix)"\"		\
@@ -55,7 +56,9 @@ libcryptsetup_la_LDFLAGS =3D \
=20
 libcryptsetup_la_LIBADD =3D \
 	$(_LIBDEVMAPPER_LIBADD)			\
-	$(_LIBGCRYPT_LIBADD)
+	$(_LIBGCRYPT_LIBADD)			\
+	@UUID_LIBS@				\
+	../luks/libluks.la
=20
 libcryptsetup_la_SOURCES =3D \
 	setup.c					\
diff -Naurp cryptsetup-20050111/lib/setup.c cryptsetup-luks-1.0/lib/setup.c
--- cryptsetup-20050111/lib/setup.c	2004-06-03 16:56:45.000000000 +0200
+++ cryptsetup-luks-1.0/lib/setup.c	2005-04-02 23:28:45.000000000 +0200
@@ -8,10 +8,12 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
+#include <assert.h>
=20
 #include "libcryptsetup.h"
 #include "internal.h"
 #include "blockdev.h"
+#include "luks.h"
=20
 struct device_infos {
 	uint64_t	size;
@@ -61,128 +63,159 @@ static int setup_leave(struct setup_back
 		munlockall();
 }
=20
-static char *xgetpass(const char *prompt, int fd)
+/*
+ * Password reading behaviour matrix of get_key
+ *=20
+ *                    p   v   n
+ * -----------------+---+---+----
+ * interactive      | Y | Y | Y
+ * from fd          | N | N | Y
+ * from binary file | N | N | N
+ *
+ * Legend: p..prompt, v..can verify, n..newline-stop
+ *=20
+ */
+
+static void get_key(struct crypt_options *options, char *prompt, char **ke=
y, int *passLen)=20
 {
+	int fd;
+	const int verify =3D options->flags & CRYPT_FLAG_VERIFY;
 	char *pass =3D NULL;
-	int buflen, i;
-
-	if (isatty(fd)) {
-		char *pass2 =3D getpass(prompt);	/* FIXME */
-		if (!pass2)
-			return NULL;
-
+	int newline_stop;
+=09
+	if(options->key_file) {
+		fd =3D open(options->key_file, O_RDONLY);
+		if (fd < 0) {
+			char buf[128];
+			set_error("Error opening key file: %s",
+			          strerror_r(errno, buf, 128));
+			goto out_err;
+		}=09
+		newline_stop =3D 0;
+	} else {
+		fd =3D options->passphrase_fd;
+		newline_stop =3D 1;
+	}=09
+=09
+	/* Interactive case */
+	if(isatty(fd)) {
+		char *pass2;
+	=09
+		pass2 =3D getpass(prompt);
+		if (!pass2) {
+			set_error("Error reading passphrase");
+			goto out_err;
+		}
 		pass =3D safe_strdup(pass2);
-
 		memset(pass2, 0, strlen(pass2));
-
-		return pass;
-	}
-
-	buflen =3D 0;
-	for (i =3D 0; ; i++) {
-		if (i >=3D buflen - 1) {
-			buflen +=3D 128;
-			pass =3D safe_realloc(pass, buflen);
-			if (!pass) {
-				set_error("Not enough memory while "
-				          "reading passphrase");
-				break;
+	=09
+		if (verify) {
+			char *pass_verify =3D getpass("Verify passphrase: ");
+			if (!pass_verify || strcmp(pass, pass_verify) !=3D 0) {
+				set_error("Passphrases do not match");
+				goto out_err;
 			}
+			memset(pass_verify, 0, strlen(pass_verify));
 		}
-		if (read(fd, pass + i, 1) !=3D 1 || pass[i] =3D=3D '\n')
-			break;
-	}
-
-	if (pass)
-		pass[i] =3D '\0';
-	return pass;
-}
-
-static char *get_key(struct crypt_options *options)
-{
-	char *key =3D safe_alloc(options->key_size);
-	char *pass =3D NULL, *pass2 =3D NULL;
-
-	if (!key) {
-		set_error("Not enough memory to allocate key");
-		goto out_err;
-	}
+		*passLen =3D strlen(pass);
+		*key =3D pass;
+	} else {
+		/*=20
+		 * This is either a fd-input or a file, in neither case we can verify th=
e input,
+		 * however we don't stop on new lines if it's a binary file.
+		 */
+		int buflen, i;
=20
-	if (options->flags & CRYPT_FLAG_PASSPHRASE) {
-		pass =3D xgetpass("Enter passphrase: ", options->passphrase_fd);
-		if (!pass) {
-			set_error("Error reading passphrase");
+		if(verify) {
+			set_error("Can't do passphrase verification on non-tty inputs");
 			goto out_err;
 		}
-
-		if (options->flags & CRYPT_FLAG_VERIFY) {
-			char *pass2 =3D xgetpass("Verify passphrase: ",
-			                       options->passphrase_fd);
-			if (!pass2 || strcmp(pass, pass2) !=3D 0) {
-				set_error("Passphrases do not match");
+		/* The following for control loop does an exhausting
+		 * read on the key material file, if requested with
+		 * key_size =3D=3D 0, as it's done by LUKS. However, we
+		 * should warn the user, if it's a non-regular file,
+		 * such as /dev/random, because in this case, the loop
+		 * will read forever.
+		 */=20
+		if(options->key_file && options->key_size =3D=3D 0) {
+			struct stat st;
+			if(stat(options->key_file, &st) < 0) {
+		 		set_error("Can't stat key file");
 				goto out_err;
 			}
+			if(!S_ISREG(st.st_mode)) {
+				//		 		set_error("Can't do exhausting read on non regular files");
+				// goto out_err;
+				fprintf(stderr,"Warning: exhausting read requested, but key file is no=
t a regular file, function might never return.\n");
+			}
 		}
+		buflen =3D 0;
+		for(i =3D 0; options->key_size =3D=3D 0 || i < options->key_size; i++) {
+			if(i >=3D buflen - 1) {
+				buflen +=3D 128;
+				pass =3D safe_realloc(pass, buflen);
+				if (!pass) {
+					set_error("Not enough memory while "
+					          "reading passphrase");
+					goto out_err;
+				}
+			}
+			if(read(fd, pass + i, 1) !=3D 1 || (newline_stop && pass[i] =3D=3D '\n'=
))
+				break;
+		}
+		if(options->key_file)
+			close(fd);
+		*key =3D pass;
+		*passLen =3D i;
+	}
+	return;
=20
-		if (options->hash) {
-			if (hash(NULL, options->hash, key,
-			         options->key_size, pass) < 0)
-				goto out_err;
-		} else {
-			int len =3D strlen(pass);
-
-			if (len > options->key_size)
-				len =3D options->key_size;
-
-			memcpy(key, pass, len);
+out_err:
+	if(pass)
+		safe_free(pass);
+	*key =3D NULL;
+	*passLen =3D 0;
+	return;
+}
=20
-			if (len < options->key_size)
-				memset(&key[len], 0, options->key_size - len);
-		}
-	} else {
-		FILE *f;
-		int r;
+/*
+ * Password processing behaviour matrix of process_key
+ *=20
+ * from binary file: check if there is sufficently large key material
+ * interactive & from fd: hash if requested, otherwise crop or pad with '0'
+ */
=20
-		if (options->key_file)
-			f =3D fopen(options->key_file, "r");
-		else
-			f =3D fdopen(options->passphrase_fd, "r");
-		if (!f) {
-			char buf[128];
-			set_error("Error opening key file: %s",
-			          strerror_r(errno, buf, 128));
-			goto out_err;
-		}
+static char *process_key(struct crypt_options *options, char *pass, int pa=
ssLen) {
+	char *key =3D safe_alloc(options->key_size);
=20
-		r =3D fread(key, 1, options->key_size, f);
-		if (r < 0) {
-			char buf[128];
-			set_error("Could not read from key file: %s",
-			          strerror_r(errno, buf, 128));
-		}
-		else if (r !=3D options->key_size)
+	/* key is coming from binary file */
+	if (options->key_file) {
+		if(passLen < options->key_size) {
 			set_error("Could not read %d bytes from key file",
 			          options->key_size);
-
-		fclose(f);
-
-		if (r !=3D options->key_size)
-			goto out_err;
+			return NULL;
+		}=20
+		memcpy(key,pass,options->key_size);
+		return key;
+	}
+=09
+	/* key is coming from tty or fd */
+	if (options->hash) {
+		if (hash(NULL, options->hash, key,
+		         options->key_size, pass) < 0)
+		{
+			safe_free(key);
+			return NULL;
+		}
+	} else {
+		int len =3D strlen(pass);
+		if (len > options->key_size)
+			len =3D options->key_size;
+		memcpy(key, pass, len);
+		if (len < options->key_size)
+			memset(&key[len], 0, options->key_size - len);
 	}
-
-out:
-	if (pass)
-		safe_free(pass);
-	if (pass2)
-		safe_free(pass2);
-
 	return key;
-
-out_err:
-	if (key)
-		safe_free(key);
-	key =3D NULL;
-	goto out;
 }
=20
 static int get_device_infos(const char *device, struct device_infos *infos)
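Review bot: The non-tty read loop in get_key no longer NUL-terminates the buffer (the removed xgetpass ended with pass[i] = '\0'), but process_key still calls strlen(pass) and hash(..., pass) for the tty/fd case, so a passphrase piped in on passphrase_fd can be read past the bytes actually received. Terminate the buffer after the loop, or pass passLen through to the hash and copy code. Also in this hunk: process_key uses the result of safe_alloc without the NULL check the old get_key had and leaks key on the short-key-file return; the key file descriptor is not closed on the out_err paths; the safe_strdup result is passed to strlen unchecked; and pass_verify is wiped only when the two passphrases match.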
@@ -241,6 +274,34 @@ out:
 	return ret;
 }
=20
+static int parse_into_name_and_mode(const char *nameAndMode, char *name,
+					char *mode)
+{
+	// Token content stringification, see info cpp/stringification
+#define str(s) #s
+#define xstr(s) str(s)
+#define sp1 "%" xstr(LUKS_CIPHERNAME_L) "[^-]-%" xstr(LUKS_CIPHERMODE_L)  =
"s"
+#define sp2 "%" xstr(LUKS_CIPHERNAME_L) "[^-]"
+
+	int r;
+
+	if(sscanf(nameAndMode,sp1, name, mode) !=3D 2) {
+		if((r =3Dsscanf(nameAndMode,sp2,name)) =3D=3D 1) {
+			strncpy(mode,"cbc-plain",10);
+		}=20
+		else {
+			fprintf(stderr, "no known cipher-spec pattern detected\n");
+			return -EINVAL;
+		}
+	}
+
+	return 0;
+
+#undef sp1
+#undef sp2
+#undef str
+#undef xstr
+}
 static int __crypt_create_device(int reload, struct setup_backend *backend,
                                  struct crypt_options *options)
 {
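Review bot: The sscanf widths in sp1 and sp2 are LUKS_CIPHERNAME_L and LUKS_CIPHERMODE_L, but a scanf field width does not count the terminating NUL, and the caller in __crypt_luks_format declares the targets as char cipherName[LUKS_CIPHERNAME_L] and char cipherMode[LUKS_CIPHERMODE_L]; a name or mode of exactly that length writes one byte past the array. Use a width of the length minus one, or size the buffers one byte larger. The variable r is assigned and never read, and a blank line is missing between this function and __crypt_create_device.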
@@ -249,6 +310,8 @@ static int __crypt_create_device(int rel
 	};
 	struct device_infos infos;
 	char *key =3D NULL;
+	int keyLen;
+	char *processed_key =3D NULL;
 	int r;
=20
 	r =3D backend->status(0, &tmp, NULL);
@@ -288,13 +351,23 @@ static int __crypt_create_device(int rel
 	if (infos.readonly)
 		options->flags |=3D CRYPT_FLAG_READONLY;
=20
-	key =3D get_key(options);
-	if (!key)
+	get_key(options, "Enter passphrase: ", &key, &keyLen);
+	if (!key) {
+		set_error("Key reading error");
 		return -ENOENT;
-
-	r =3D backend->create(reload, options, key);
-
+	}
+=09
+	processed_key =3D process_key(options,key,keyLen);
 	safe_free(key);
+=09
+	if (!processed_key) {
+		set_error("Key processing error");
+		return -ENOENT;
+	}
+=09
+	r =3D backend->create(reload, options, processed_key);
+=09
+	safe_free(processed_key);
=20
 	return r;
 }
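Review bot: set_error("Key reading error") and set_error("Key processing error") replace the more specific messages that get_key and process_key have already set (for example "Error opening key file: ..." or "Passphrases do not match"), so the user loses the actual cause. Drop these two calls, or set the generic text only when no error is pending. -ENOENT is also a misleading return code for a key processing failure.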
@@ -368,6 +441,178 @@ static int __crypt_remove_device(int arg
 	return backend->remove(options);
 }
=20
+static int __crypt_luks_format(int arg, struct setup_backend *backend, str=
uct crypt_options *options)
+{
+	int r;
+=09
+	struct luks_phdr header;
+	struct luks_masterkey mk;
+	char *password;=20
+	char cipherName[LUKS_CIPHERNAME_L];
+	char cipherMode[LUKS_CIPHERMODE_L];
+	int passwordLen;
+	int PBKDF2perSecond;
+=09
+	mk.keyLength =3D options->key_size;
+
+	r =3D LUKS_generate_masterkey(&mk);
+	if(r < 0) return r;=20
+
+#ifdef LUKS_DEBUG
+#define printoffset(entry) printf("offset of " #entry " =3D %d\n", (char *=
)(&header.entry)-(char *)(&header))
+
+	printf("sizeof phdr %d, key slot %d\n",sizeof(struct luks_phdr),sizeof(he=
ader.keyblock[0]));
+
+	printoffset(magic);
+	printoffset(version);
+	printoffset(cipherName);
+	printoffset(cipherMode);
+	printoffset(hashSpec);
+	printoffset(payloadOffset);
+	printoffset(keyBytes);
+	printoffset(mkDigest);
+	printoffset(mkDigestSalt);
+	printoffset(mkDigestIterations);
+	printoffset(uuid);
+#endif
+	r =3D parse_into_name_and_mode(options->cipher, cipherName, cipherMode);
+	if(r < 0) return r;
+
+	r =3D LUKS_generate_phdr(&header,&mk,cipherName, cipherMode,LUKS_STRIPES);
+	if(r < 0) {=20
+		set_error("Can't write phdr");
+		return r;=20
+	}
+
+	PBKDF2perSecond =3D LUKS_benchmarkt_iterations();
+	header.keyblock[0].passwordIterations =3D  PBKDF2perSecond * ((float)opti=
ons->iteration_time / 1000.0);
+#ifdef LUKS_DEBUG
+	fprintf(stderr, "pitr %d\n", header.keyblock[0].passwordIterations);
+#endif
+	options->key_size =3D 0; // FIXME, define a clean interface some day.
+	options->key_file =3D options->new_key_file;
+	options->new_key_file =3D NULL;
+	get_key(options,"Enter LUKS passphrase: ",&password,&passwordLen);
+	if(!password) {
+		r =3D -EINVAL; goto out;
+	}
+=09
+	r =3D LUKS_set_key(options->device, 0, password, passwordLen, &header, &m=
k, backend);
+	if(r < 0) goto out;=20
+
+	r =3D 0;
+out:
+	memset(&mk,0,sizeof(mk));
+	safe_free(password);
+	return r;
+}
+
+static int __crypt_luks_open(int arg, struct setup_backend *backend, struc=
t crypt_options *options)
+{
+	struct luks_masterkey mk;
+	struct luks_phdr hdr;
+	char *password; int passwordLen;
+	struct device_infos infos;
+	char *dmCipherSpec;
+	int r;
+=09
+	options->key_size =3D 0; // FIXME, define a clean interface some day.
+	get_key(options,"Enter LUKS passphrase: ",&password,&passwordLen);
+	if(!password) {
+		r =3D -EINVAL; goto out;
+	}
+	if(LUKS_open_any_key(options->device, password, passwordLen, &hdr, &mk, b=
ackend) < 0) {
+		set_error("No key available with this passphrase.\n");
+		r =3D -EPERM; goto out;
+	}
+=09
+	options->offset =3D hdr.payloadOffset;
+ 	asprintf(&dmCipherSpec, "%s-%s", hdr.cipherName, hdr.cipherMode);
+	options->cipher =3D dmCipherSpec;
+	options->key_size =3D mk.keyLength;
+	options->skip =3D 0; options->flags =3D 0;
+
+	if (get_device_infos(options->device, &infos) < 0) {
+		set_error("Can't get device information.\n");
+		r =3D -ENOTBLK; goto out;
+	}
+	options->size =3D infos.size;
+	if (!options->size) {
+		set_error("Not a block device.\n");
+		r =3D -ENOTBLK; goto out;
+	}
+	if (options->size <=3D options->offset) {
+		set_error("Invalid offset");
+		/*		printf("s: %d, o: %d\n",options->size, options->offset); */
+		r =3D -EINVAL; goto out;
+	}
+	options->size -=3D options->offset;
+	backend->create(0, options, mk.key);
+	r =3D 0;
+out:=09
+	memset(&mk,0,sizeof(mk));
+	safe_free(password);=09
+	return r;
+}
+
+static int __crypt_luks_add_key(int arg, struct setup_backend *backend, st=
ruct crypt_options *options)
+{
+	struct luks_masterkey mk;
+	struct luks_phdr hdr;
+	char *password; unsigned int passwordLen;
+	unsigned int i; unsigned int keyIndex;
+	const char *device =3D options->device;
+	struct crypt_options optionsCheck =3D {=20
+		.key_file =3D options->key_file,
+		.flags =3D options->flags & ~CRYPT_FLAG_VERIFY,
+	};
+	struct crypt_options optionsSet =3D {=20
+		.key_file =3D options->new_key_file,
+		.flags =3D options->flags,
+	};
+	int r;
+=09
+	r =3D LUKS_read_phdr(device, &hdr);
+	if(r < 0) return r;
+
+	/* Find empty key slot */
+	for(i=3D0; i<LUKS_NUMKEYS; i++) {
+		if(hdr.keyblock[i].active =3D=3D LUKS_KEY_DISABLED) break;
+	}
+	if(i=3D=3DLUKS_NUMKEYS) {
+		set_error("All slots full");
+		return -EINVAL;
+	}
+	keyIndex =3D i;
+=09
+	optionsCheck.key_size =3D 0; // FIXME, define a clean interface some day.
+	get_key(&optionsCheck,"Enter any LUKS passphrase: ",&password,&passwordLe=
n);
+	if(!password) {
+		r =3D -EINVAL; goto out;
+	}
+	if(LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend) <=
 0) {
+		printf("No key available with this passphrase.\n");
+		r =3D -EPERM; goto out;
+	}
+	safe_free(password);
+=09
+	optionsSet.key_size =3D 0; // FIXME, define a clean interface some day.
+	get_key(&optionsSet,"Enter new passphrase for key slot: ",&password,&pass=
wordLen);
+	if(!password) {
+		r =3D -EINVAL; goto out;
+	}
+
+	hdr.keyblock[keyIndex].passwordIterations =3D LUKS_benchmarkt_iterations(=
) * ((float)options->iteration_time / 1000);
+
+    	r =3D LUKS_set_key(device, keyIndex, password, passwordLen, &hdr, &mk=
, backend);
+	if(r < 0) goto out;
+
+	r =3D 0;
+out:
+	safe_free(password);
+	return r;
+}
+
 static int crypt_job(int (*job)(int arg, struct setup_backend *backend,
                                 struct crypt_options *options),
                      int arg, struct crypt_options *options)
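Review bot: __crypt_luks_open discards the return value of backend->create(0, options, mk.key) and then sets r = 0, so a failed mapping is reported as success; assign the result to r. In the same function dmCipherSpec from asprintf is neither checked nor freed. __crypt_luks_add_key never wipes mk at out, unlike the format and open paths, and declares passwordLen as unsigned int while get_key takes int *. __crypt_luks_format returns early on parse_into_name_and_mode and LUKS_generate_phdr failures without reaching the memset(&mk, ...) at out; route those through out as well, with password initialised to NULL.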
@@ -420,8 +665,92 @@ int crypt_query_device(struct crypt_opti
 int crypt_remove_device(struct crypt_options *options)
 {
 	return crypt_job(__crypt_remove_device, 0, options);
+
 }
=20
+int crypt_luksFormat(struct crypt_options *options)
+{
+	return crypt_job(__crypt_luks_format, 0, options);
+}
+
+int crypt_luksOpen(struct crypt_options *options)
+{
+	return crypt_job(__crypt_luks_open, 0, options);
+}
+
+int crypt_luksDelKey(struct crypt_options *options)
+{
+	LUKS_del_key(options->device, options->key_slot);
+}
+
+int crypt_luksAddKey(struct crypt_options *options)
+{
+	return crypt_job(__crypt_luks_add_key, 0, options);
+}
+
+int crypt_luksUUID(struct crypt_options *options)
+{
+	struct luks_phdr hdr;
+	int r;
+
+	r =3D LUKS_read_phdr(options->device,&hdr);
+	if(r < 0) return r;
+
+	printf("%s\n",hdr.uuid);
+	return 0;
+}
+
+int crypt_isLuks(struct crypt_options *options)
+{
+	struct luks_phdr hdr;
+	return LUKS_read_phdr(options->device,&hdr);
+}
+
+int crypt_luksDump(struct crypt_options *options)
+{
+	struct luks_phdr hdr;
+	int r,i;
+
+	r =3D LUKS_read_phdr(options->device,&hdr);
+	if(r < 0) return r;
+
+	printf("LUKS header information for %s\n\n",options->device);
+    	printf("Version:       \t%d\n",hdr.version);
+	printf("Cipher name:   \t%s\n",hdr.cipherName);
+	printf("Cipher mode:   \t%s\n",hdr.cipherMode);
+	printf("Hash spec:     \t%s\n",hdr.hashSpec);
+	printf("Payload offset:\t%d\n",hdr.payloadOffset);
+	printf("MK bits:       \t%d\n",hdr.keyBytes*8);
+	printf("MK digest:     \t");
+	hexprint(hdr.mkDigest,LUKS_DIGESTSIZE);
+	printf("\n");
+	printf("MK salt:       \t");
+	hexprint(hdr.mkDigestSalt,LUKS_SALTSIZE/2);
+	printf("\n               \t");
+	hexprint(hdr.mkDigestSalt+LUKS_SALTSIZE/2,LUKS_SALTSIZE/2);
+	printf("\n");
+	printf("MK iterations: \t%d\n",hdr.mkDigestIterations);
+	printf("UUID:          \t%s\n\n",hdr.uuid);
+	for(i=3D0;i<LUKS_NUMKEYS;i++) {
+		if(hdr.keyblock[i].active =3D=3D LUKS_KEY_ENABLED) {
+			printf("Key Slot %d: ENABLED\n",i);
+			printf("\tIterations:         \t%d\n",hdr.keyblock[i].passwordIteration=
s);
+			printf("\tSalt:               \t");
+			hexprint(hdr.keyblock[i].passwordSalt,LUKS_SALTSIZE/2);
+			printf("\n\t                      \t");
+			hexprint(hdr.keyblock[i].passwordSalt+LUKS_SALTSIZE/2,LUKS_SALTSIZE/2);
+			printf("\n");
+
+			printf("\tKey material offset:\t%d\n",hdr.keyblock[i].keyMaterialOffset=
);
+			printf("\tAF stripes:            \t%d\n",hdr.keyblock[i].stripes);
+		}	=09
+		else=20
+			printf("Key Slot %d: DISABLED\n",i);
+	}
+	return 0;
+}
+
+
 void crypt_get_error(char *buf, size_t size)
 {
 	const char *error =3D get_error();
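Review bot: crypt_luksDelKey is declared int but has no return statement, so callers read an indeterminate value; return the result of LUKS_del_key. It is also the only new operation that modifies the device without going through crypt_job, so it skips whatever crypt_job does for the other operations; wrap it the same way or note why it is exempt. The blank line added inside crypt_remove_device is unrelated noise.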
diff -Naurp cryptsetup-20050111/lib/utils.c cryptsetup-luks-1.0/lib/utils.c
--- cryptsetup-20050111/lib/utils.c	2004-03-09 16:03:01.000000000 +0100
+++ cryptsetup-luks-1.0/lib/utils.c	2005-04-02 23:08:13.000000000 +0200
@@ -3,6 +3,7 @@
 #include <stdlib.h>
 #include <stddef.h>
 #include <stdarg.h>
+#include <errno.h>
=20
 #include "libcryptsetup.h"
 #include "internal.h"
@@ -123,3 +124,79 @@ char *safe_strdup(const char *s)
=20
 	return strcpy(s2, s);
 }
+
+/* Credits go to Michal's padlock patches for this alignment code */
+
+static void *aligned_malloc(char **base, int size, int alignment)=20
+{
+	char *ptr;
+
+	ptr  =3D malloc(size + alignment);
+	if(ptr =3D=3D NULL) return NULL;
+
+	*base =3D ptr;
+	if(alignment > 1 && ((long)ptr & (alignment - 1))) {
+		ptr +=3D alignment - ((long)(ptr) & (alignment - 1));
+	}
+	return ptr;
+}
+
+ssize_t write_blockwise(int fd, const void *orig_buf, size_t count)=20
+{
+	char *padbuf; char *base;
+	char *buf =3D (char *)orig_buf;
+	int hangover =3D count % SECTOR_SIZE;
+	int solid =3D count - hangover;
+	int r;
+
+	padbuf =3D aligned_malloc(&base, SECTOR_SIZE, SECTOR_SIZE);
+	if(padbuf =3D=3D NULL) return -ENOMEM;
+
+	while(solid) {
+		memcpy(padbuf, buf, SECTOR_SIZE);
+		r =3D write(fd, padbuf, SECTOR_SIZE);
+		if(r < 0 || r !=3D SECTOR_SIZE) goto out;
+
+		solid -=3D SECTOR_SIZE;
+		buf +=3D SECTOR_SIZE;
+	}
+	if(hangover) {
+		r =3D read(fd,padbuf,SECTOR_SIZE);
+		if(r < 0 || r !=3D SECTOR_SIZE) goto out;
+
+		lseek(fd,-SECTOR_SIZE,SEEK_CUR);
+		memcpy(padbuf,buf,hangover);
+
+		r =3D write(fd,padbuf, SECTOR_SIZE);
+		if(r < 0 || r !=3D SECTOR_SIZE) goto out;
+		buf +=3D hangover;
+	}
+ out:
+	free(base);
+	return (buf-(char *)orig_buf)?(buf-(char *)orig_buf):r;
+
+}
+
+
+ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
+	char *base; char *padbuf;
+	char *buf =3D (char *)orig_buf;
+	int r;
+	int step;
+
+	padbuf =3D aligned_malloc(&base, SECTOR_SIZE, SECTOR_SIZE);
+	if(padbuf =3D=3D NULL) return -ENOMEM;
+
+	while(count) {
+		r =3D read(fd,padbuf,SECTOR_SIZE);
+		if(r < 0) goto out;
+	=09
+		step =3D count<SECTOR_SIZE?count:SECTOR_SIZE;
+		memcpy(buf,padbuf,step);
+		buf +=3D step;
+		count -=3D step;
+	}
+ out:
+	free(base);=20
+	return (buf-(char *)orig_buf)?(buf-(char *)orig_buf):r;
+}
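Review bot: read_blockwise only treats r < 0 as an error, so a short read or end of file still copies a full step out of padbuf, handing the caller uninitialised heap bytes while reporting the full count; require r == SECTOR_SIZE, or copy at most r bytes and stop. Both functions return the partial byte count when an I/O call fails after the first sector, and LUKS_endec_template only tests r < 0, so a truncated key-material write would pass unnoticed; return an error unless the full count was transferred. In write_blockwise r is returned uninitialised when count is 0, the lseek result is unchecked, and aligned_malloc casts pointers to long where uintptr_t is the portable type.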
diff -Naurp cryptsetup-20050111/luks/af.c cryptsetup-luks-1.0/luks/af.c
--- cryptsetup-20050111/luks/af.c	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/af.c	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,115 @@
+/*
+ * AFsplitter - Anti forensic information splitter
+ * Copyright 2004, Clemens Fruhwirth <clemens at endorphin.org>
+ *
+ * AFsplitter diffuses information over a large stripe of data,=20
+ * therefor supporting secure data destruction.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, =
USA.
+ */
+=20
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <errno.h>
+#include "sha1.h"
+#include "XORblock.h"
+
+/* diffuse: Information spreading over the whole dataset with
+ * the help of sha512.=20
+ */
+
+static void diffuse(unsigned char *src, unsigned char *dst, unsigned int s=
ize)
+{
+	sha1_ctx ctx;
+	uint32_t i;
+	uint32_t IV;	/* host byte order independend hash IV */
+=09
+	unsigned int fullblocks =3D size/SHA1_DIGEST_SIZE;
+	unsigned int padding =3D size%SHA1_DIGEST_SIZE;
+	unsigned char final[SHA1_DIGEST_SIZE];
+
+	/* hash block the whole data set with different IVs to produce
+	 * more than just a single data block
+	 */
+	for (i=3D0; i < fullblocks; i++) {
+		sha1_begin(&ctx);
+		IV =3D htonl(i);
+		sha1_hash((const char *)&IV,sizeof(IV),&ctx);
+		sha1_hash(src+SHA1_DIGEST_SIZE*i,SHA1_DIGEST_SIZE,&ctx);
+		sha1_end(dst+SHA1_DIGEST_SIZE*i,&ctx);
+	}
+=09
+	if(padding) {
+		sha1_begin(&ctx);
+		IV =3D htonl(i);
+		sha1_hash((const char *)&IV,sizeof(IV),&ctx);
+		sha1_hash(src+SHA1_DIGEST_SIZE*i,padding,&ctx);
+		sha1_end(final,&ctx);
+		memcpy(dst+SHA1_DIGEST_SIZE*i,final,padding);
+	}
+}
+
+/*
+ * Information splitting. The amount of data is multiplied by
+ * blocknumbers. The same blocksize and blocknumbers values=20
+ * must be supplied to AF_merge to recover information.
+ */
+
+int AF_split(char *src, char *dst, unsigned int blocksize, unsigned int bl=
ocknumbers)
+{
+	unsigned int i;
+	char *bufblock;
+	int r =3D -EINVAL;
+
+	if((bufblock =3D malloc(blocksize)) =3D=3D NULL) return -ENOMEM;
+
+	memset(bufblock,0,blocksize);
+	/* process everything except the last block */
+	for(i=3D0; i<blocknumbers-1; i++) {
+		r =3D getRandom(dst+(blocksize*i),blocksize);
+		if(r < 0) goto out;
+		XORblock(dst+(blocksize*i),bufblock,bufblock,blocksize);
+		diffuse(bufblock,bufblock,blocksize);
+	}
+	/* the last block is computed */
+	XORblock(src,bufblock,dst+(i*blocksize),blocksize);
+	r =3D 0;
+out:
+	free(bufblock);
+	return r;
+}
+
+int AF_merge(char *src, char *dst, unsigned int blocksize, unsigned int bl=
ocknumbers)
+{
+	unsigned int i;
+	char *bufblock;
+
+	if((bufblock =3D malloc(blocksize)) =3D=3D NULL) return -ENOMEM;
+
+	memset(bufblock,0,blocksize);
+	for(i=3D0; i<blocknumbers-1; i++) {
+		XORblock(src+(blocksize*i),bufblock,bufblock,blocksize);
+		diffuse(bufblock,bufblock,blocksize);
+	}
+	XORblock(src+(i*blocksize),bufblock,dst,blocksize);
+
+	free(bufblock);=09
+	return 0;
+}
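Review bot: AF_split and AF_merge free bufblock without clearing it, although it holds the intermediate state that yields the key once XORed with the last stripe; memset it to zero before free, the same way the callers wipe mk, and do the same for final in diffuse. Other points in this file: the diffuse comment says sha512 while the code uses SHA1; memset and memcpy are used without <string.h> and getRandom without random.h among the includes shown; and blocknumbers-1 on an unsigned value wraps if a caller passes 0, so reject that up front.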
diff -Naurp cryptsetup-20050111/luks/af.h cryptsetup-luks-1.0/luks/af.h
--- cryptsetup-20050111/luks/af.h	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/af.h	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,20 @@
+/*
+ * AFsplitter - Anti forensic information splitter
+ * Copyright 2004, Clemens Fruhwirth <clemens at endorphin.org>
+ */
+
+/*
+ * AF_split operates on src and produces information splitted data in=20
+ * dst. src is assumed to be of the length blocksize. The data stripe
+ * dst points to must be captable of storing blocksize*blocknumbers.=20
+ * blocknumbers is the data multiplication factor.
+ *
+ * AF_merge does just the opposite: reproduces the information stored in=
=20
+ * src of the length blocksize*blocknumbers into dst of the length=20
+ * blocksize.
+ *
+ * On error, both functions return -1, 0 otherwise.
+ */=20
+
+int AF_split(char *src, char *dst, unsigned int blocksize, unsigned int bl=
ocknumbers);
+int AF_merge(char *src, char *dst, unsigned int blocksize, unsigned int bl=
ocknumbers);
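Review bot: The header comment says both functions return -1 on error, but AF_split in af.c returns -ENOMEM or the negative result of getRandom and AF_merge returns -ENOMEM; document negative errno values instead. The header also has no include guard, and "captable" should read "capable".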
diff -Naurp cryptsetup-20050111/luks/hexprint.c cryptsetup-luks-1.0/luks/he=
xprint.c
--- cryptsetup-20050111/luks/hexprint.c	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/hexprint.c	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,9 @@
+void hexprint(char *d, int n)
+{
+	int i;
+	for(i =3D 0; i < n; i++)
+	{
+		printf("%02hhx ", (char)d[i]);
+	}
+}
+
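Review bot: hexprint.c calls printf without including <stdio.h>; add the include so the variadic call has a prototype in scope. Since the function only reads the buffer, the parameter should be const, and taking const unsigned char * would make the (char) cast unnecessary.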
diff -Naurp cryptsetup-20050111/luks/keyencryption.c cryptsetup-luks-1.0/lu=
ks/keyencryption.c
--- cryptsetup-20050111/luks/keyencryption.c	1970-01-01 01:00:00.000000000 =
+0100
+++ cryptsetup-luks-1.0/luks/keyencryption.c	2005-04-02 23:08:13.000000000 =
+0200
@@ -0,0 +1,115 @@
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include "luks.h"
+#include "../lib/libcryptsetup.h"
+#include "../lib/internal.h"
+#include "../lib/blockdev.h"
+
+static int setup_mapping(const char *cipher, const char *name,=20
+			 const char *device, unsigned int payloadOffset,
+			 const char *key, unsigned int keyLength,=20
+			 unsigned int sector, unsigned int srcLength,=20
+			 struct setup_backend *backend)
+{
+	struct crypt_options k;
+	struct crypt_options *options =3D &k;
+
+	int r;
+
+	options->offset =3D sector;
+	options->size =3D payloadOffset;=09
+
+	options->cipher =3D cipher;
+	options->key_size =3D keyLength;
+	options->skip =3D 0; options->flags =3D 0;
+	options->name =3D name;
+	options->device =3D device;
+=09
+	if (options->size <=3D options->offset) {
+		set_error("Invalid offset");
+		return -EINVAL;
+	}
+
+	r =3D backend->create(0, options, key);
+
+	if (r <=3D 0)
+		set_error(NULL);
+
+	return r;
+}
+
+static int clear_mapping(const char *name, struct setup_backend *backend)
+{
+	struct crypt_options options;
+	options.name=3Dname;
+	backend->remove(&options);=09
+}
+
+static int LUKS_endec_template(char *src, unsigned int srcLength,=20
+			       struct luks_phdr *hdr,=20
+			       char *key, unsigned int keyLength,=20
+			       const char *device,=20
+			       unsigned int sector, struct setup_backend *backend,
+			       ssize_t (*func)(int, void *, size_t))
+{
+	int devfd;
+	char *name;
+	char *fullpath;
+	char *dmCipherSpec;
+	int r;
+=09
+	asprintf(&name,"temporary-cryptsetup-%d",getpid());
+	asprintf(&fullpath,"%s/%s",dm_dir(),name);
+	asprintf(&dmCipherSpec,"%s-%s",hdr->cipherName, hdr->cipherMode);
+
+	r =3D setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLe=
ngth,sector,srcLength,backend);
+	if(r < 0) {
+		fprintf(stderr,"failed to setup dm-crypt mapping.\n");
+		goto out;=20
+	}
+
+	devfd =3D open(fullpath,O_RDWR | O_DIRECT | O_SYNC);
+	if(devfd =3D=3D -1) { r =3D -EIO; goto out2; }
+
+	r =3D func(devfd,src,srcLength);
+	if(r < 0) { r =3D -EIO; goto out3; }
+
+	r =3D 0;
+out3:
+	close(devfd);
+out2:
+	clear_mapping(name,backend);
+out:
+	free(name); free(fullpath); free(dmCipherSpec);
+	return r;
+}
+
+int LUKS_encrypt_to_storage(char *src, unsigned int srcLength,=20
+			    struct luks_phdr *hdr,=20
+			    char *key, unsigned int keyLength,=20
+			    const char *device,=20
+			    unsigned int sector, struct setup_backend *backend)
+{
+=09
+	return LUKS_endec_template(src,srcLength,hdr,key,keyLength, device, secto=
r, backend,=09
+				   (ssize_t (*)(int, void *, size_t)) write_blockwise);
+}=09
+
+int LUKS_decrypt_from_storage(char *dst, unsigned int dstLength,=20
+			      struct luks_phdr *hdr,=20
+			      char *key, unsigned int keyLength,=20
+			      const char *device,=20
+			      unsigned int sector, struct setup_backend *backend)
+{
+	return LUKS_endec_template(dst,dstLength,hdr,key,keyLength, device, secto=
r, backend, read_blockwise);
+}
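Review bot: setup_mapping fills only some members of the stack struct crypt_options k before handing it to backend->create, and clear_mapping sets only options.name before backend->remove, so the backend sees indeterminate values for every other field (hash, key_file, passphrase_fd and so on); zero-initialise both structs. In setup_mapping, if (r <= 0) set_error(NULL) clears the error on failure as well as on success, which needs checking against what was intended. clear_mapping is declared int without a return statement, the three asprintf results in LUKS_endec_template are unchecked, and srcLength is passed to setup_mapping but never used.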
diff -Naurp cryptsetup-20050111/luks/keymanage.c cryptsetup-luks-1.0/luks/k=
eymanage.c
--- cryptsetup-20050111/luks/keymanage.c	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/keymanage.c	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,422 @@
+/*
+ * LUKS - Linux Unified Key Setup=20
+ *
+ * Copyright (C) 2004, Clemens Fruhwirth <clemens at endorphin.org>
+ *
+ */
+=20
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+#include <assert.h>
+#include <stdio.h>
+
+#include "luks.h"
+#include "af.h"
+#include "pbkdf.h"
+#include "sha1.h"
+#include "random.h"
+#include "XORblock.h"
+#include <uuid/uuid.h>
+
+int LUKS_generate_masterkey(struct luks_masterkey *mk)
+{
+	return getRandom(mk->key,mk->keyLength);
+}
+
+int LUKS_read_phdr(const char *device, struct luks_phdr *hdr)
+{
+	int devfd =3D 0;=20
+	unsigned int i;=20
+	int r;
+	char luksMagic[] =3D LUKS_MAGIC;
+	int V99to991 =3D 0;
+=09
+	devfd =3D open(device,O_RDWR | O_DIRECT | O_SYNC);
+	if(-1 =3D=3D devfd) {
+		fprintf(stderr,"Can't open device: %s\n", device);
+		return -EINVAL;=20
+	}
+
+	r =3D read_blockwise(devfd, hdr, sizeof(struct luks_phdr));
+	if(-1 =3D=3D r || r < sizeof(struct luks_phdr)) {
+		r =3D -EIO; goto out;
+	}
+
+	/* Check magic */
+	if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) {
+		fprintf(stderr,"not a LUKS partition\n");
+		r =3D -EINVAL; goto out;=09
+	}
+
+	/* Check for SHA1 - other hashspecs are not implemented ATM */
+	if(memcmp(hdr->hashSpec, "sha1", 4)) {
+		fprintf(stderr, "unknown hash spec in phdr\n");
+		r =3D -EINVAL; goto out;
+	}
+	=09
+	/* Convert every uint16/32_t item from network byte order */
+	hdr->version=3Dntohs(hdr->version);
+
+	if(hdr->version !=3D 1) {
+		fprintf(stderr,"unknown version %d\n",hdr->version);
+		r =3D -EINVAL; goto out;
+	}
+
+	hdr->payloadOffset=3Dntohl(hdr->payloadOffset);
+	hdr->keyBytes=3Dntohl(hdr->keyBytes);
+	hdr->mkDigestIterations=3Dntohl(hdr->mkDigestIterations);
+	for(i=3D0; i<LUKS_NUMKEYS; i++) {
+		hdr->keyblock[i].active =3D ntohl(hdr->keyblock[i].active);
+		if(hdr->keyblock[i].active =3D=3D LUKS_KEY_DISABLED_OLD) {
+			hdr->keyblock[i].active =3D LUKS_KEY_DISABLED;
+			V99to991 =3D 1;
+		}
+		if(hdr->keyblock[i].active =3D=3D LUKS_KEY_ENABLED_OLD) {
+			hdr->keyblock[i].active =3D LUKS_KEY_ENABLED;
+			V99to991 =3D 1;
+		}
+		hdr->keyblock[i].passwordIterations =3D ntohl(hdr->keyblock[i].passwordI=
terations);
+		hdr->keyblock[i].keyMaterialOffset =3D ntohl(hdr->keyblock[i].keyMateria=
lOffset);
+		hdr->keyblock[i].stripes =3D ntohl(hdr->keyblock[i].stripes);
+	}
+	r =3D 0;
+out:
+	close(devfd);
+	/* Ugly conversion */
+	if(V99to991) {
+		struct luks_phdr tmp_phdr;
+		fprintf(stderr,"automatic header conversion from 0.99 to 0.991 triggered=
\n");
+		hdr->mkDigestIterations=3Dntohs(htonl(hdr->mkDigestIterations));
+		memcpy(&tmp_phdr,hdr,sizeof(struct luks_phdr));
+		LUKS_write_phdr(device,&tmp_phdr);=20
+	}
+	return r;
+}
+
+int LUKS_write_phdr(const char *device, struct luks_phdr *hdr)
+{
+	int devfd =3D 0;=20
+	unsigned int i;=20
+	struct luks_phdr convHdr;
+	int r;
+=09
+	devfd =3D open(device,O_RDWR | O_DIRECT | O_SYNC);
+	if(-1 =3D=3D devfd) {=20
+		fprintf(stderr,"Can't open device: %s\n", device);
+		return -EINVAL;
+	}
+
+	memcpy(&convHdr,hdr,sizeof(struct luks_phdr));
+
+	/* Convert every uint16/32_t item to network byte order */
+	convHdr.version =3D htons(hdr->version);
+	convHdr.payloadOffset =3D htonl(hdr->payloadOffset);
+	convHdr.keyBytes =3D htonl(hdr->keyBytes);
+	convHdr.mkDigestIterations =3D htonl(hdr->mkDigestIterations);
+	for(i=3D0; i<LUKS_NUMKEYS; i++) {
+		convHdr.keyblock[i].active =3D=20
+			htonl(hdr->keyblock[i].active);
+		convHdr.keyblock[i].passwordIterations =3D=20
+			htonl(hdr->keyblock[i].passwordIterations);
+		convHdr.keyblock[i].keyMaterialOffset =3D=20
+			htonl(hdr->keyblock[i].keyMaterialOffset);
+		convHdr.keyblock[i].stripes =3D=20
+			htonl(hdr->keyblock[i].stripes);
+	}
+
+	r =3D write_blockwise(devfd, &convHdr, sizeof(struct luks_phdr));
+	if (r < 0 || r < sizeof(struct luks_phdr)) {
+		r =3D -EIO; goto out;
+	}
+	r =3D 0;
+out:
+	close(devfd);
+	return r;
+}=09
+
+int LUKS_generate_phdr(struct luks_phdr *header,=20
+		       const struct luks_masterkey *mk, const char *cipherName,
+		       const char *cipherMode, unsigned int stripes)
+{
+	unsigned int i=3D0;
+	unsigned int blocksPerStripeSet =3D mk->keyLength*stripes/SECTOR_SIZE+1;
+	int r;
+	char luksMagic[] =3D LUKS_MAGIC;
+	uuid_t partitionUuid;
+
+	memset(header,0,sizeof(struct luks_phdr));
+
+	/* Set Magic */
+	memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
+	header->version=3D1;
+	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L);
+	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L);
+
+	/* This is hard coded ATM */
+	strncpy(header->hashSpec,"sha1",LUKS_HASHSPEC_L);
+
+	header->payloadOffset=3DLUKS_PHDR_SIZE+(blocksPerStripeSet)*LUKS_NUMKEYS;
+	header->keyBytes=3Dmk->keyLength;
+
+	r =3D getRandom(header->mkDigestSalt,LUKS_SALTSIZE);
+	if(r < 0) return r;
+
+	/* Compute master key digest */
+	header->mkDigestIterations =3D LUKS_MKD_ITER;
+	PBKDF2_HMAC_SHA1(mk->key,mk->keyLength,
+			 header->mkDigestSalt,LUKS_SALTSIZE,
+			 header->mkDigestIterations,
+			 header->mkDigest,LUKS_DIGESTSIZE);
+
+	for(i =3D 0; i<LUKS_NUMKEYS; i++) {
+		header->keyblock[i].active =3D LUKS_KEY_DISABLED;
+		header->keyblock[i].keyMaterialOffset =3D LUKS_PHDR_SIZE+blocksPerStripe=
Set*i;
+		header->keyblock[i].stripes =3D stripes;
+	}
+
+	uuid_generate(partitionUuid);
+	uuid_unparse(partitionUuid, header->uuid);
+
+	return 0;
+}
+
+int LUKS_set_key(const char *device, unsigned int keyIndex,=20
+		 const char *password, unsigned int passwordLen,=20
+		 struct luks_phdr *hdr, struct luks_masterkey *mk,
+		 struct setup_backend *backend)
+{
+	char derivedKey[hdr->keyBytes];
+	char *AfKey;
+	unsigned int AFEKSize;
+	int r;
+=09
+	if(hdr->keyblock[keyIndex].active !=3D LUKS_KEY_DISABLED) {
+		fprintf(stderr,"key %d active, purge first.\n",keyIndex);
+		return -EINVAL;
+	}
+	=09
+	r =3D getRandom(hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE);
+	if(r < 0) return r;
+
+//	assert((mk->keyLength % TWOFISH_BLOCKSIZE) =3D=3D 0); FIXME
+
+	PBKDF2_HMAC_SHA1(password,passwordLen,
+			 hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
+			 hdr->keyblock[keyIndex].passwordIterations,
+			 derivedKey, hdr->keyBytes);
+	/*
+	 * AF splitting, the masterkey stored in mk->key is splitted to AfMK
+	 */
+	AFEKSize =3D hdr->keyblock[keyIndex].stripes*mk->keyLength;
+	AfKey =3D (char *)malloc(AFEKSize);
+	if(AfKey =3D=3D NULL) return -ENOMEM;
+=09
+	r =3D AF_split(mk->key,AfKey,mk->keyLength,hdr->keyblock[keyIndex].stripe=
s);
+	if(r < 0) goto out;
+
+	/* Encryption via dm */
+	r =3D LUKS_encrypt_to_storage(AfKey,
+				    AFEKSize,
+				    hdr,
+				    derivedKey,
+				    hdr->keyBytes,
+				    device,
+				    hdr->keyblock[keyIndex].keyMaterialOffset,
+				    backend);
+	if(r < 0) {
+		fprintf(stderr,"failed write to key storage.\n");
+		goto out;
+	}
+
+	/* Mark the key as active in phdr */
+	hdr->keyblock[keyIndex].active =3D LUKS_KEY_ENABLED;
+	r =3D LUKS_write_phdr(device,hdr);
+	if(r < 0) goto out;
+
+	r =3D 0;
+out:
+	free(AfKey);
+	return r;
+}
+
+int LUKS_open_key(const char *device,=20
+		  unsigned int keyIndex,=20
+		  const char *password,=20
+		  unsigned int passwordLen,=20
+		  struct luks_phdr *hdr,=20
+		  struct luks_masterkey *mk,
+		  struct setup_backend *backend)
+{
+	char derivedKey[hdr->keyBytes];
+	char *AfKey;
+	unsigned int AFEKSize;
+	char checkHashBuf[LUKS_DIGESTSIZE];
+	int r;
+=09
+	if(hdr->keyblock[keyIndex].active !=3D LUKS_KEY_ENABLED) {
+#ifdef LUKS_DEBUG
+		fprintf(stderr,"key %d is disabeled.\n", keyIndex);
+#endif
+		return -EINVAL;
+	}
+=09
+	// assert((mk->keyLength % TWOFISH_BLOCKSIZE) =3D=3D 0); FIXME
+
+	AFEKSize =3D hdr->keyblock[keyIndex].stripes*mk->keyLength;
+	AfKey =3D (char *)malloc(AFEKSize);
+	if(AfKey =3D=3D NULL) return -ENOMEM;
+=09
+	PBKDF2_HMAC_SHA1(password,passwordLen,
+			 hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
+			 hdr->keyblock[keyIndex].passwordIterations,
+			 derivedKey, hdr->keyBytes);
+
+	r =3D LUKS_decrypt_from_storage(AfKey,
+				      AFEKSize,
+				      hdr,
+				      derivedKey,
+				      hdr->keyBytes,
+				      device,
+				      hdr->keyblock[keyIndex].keyMaterialOffset,
+				      backend);
+	if(r < 0) {
+		fprintf(stderr,"failed to read from key storage\n");
+		goto out;
+	}
+
+	r =3D AF_merge(AfKey,mk->key,mk->keyLength,hdr->keyblock[keyIndex].stripe=
s);
+	if(r < 0) goto out;
+=09
+	PBKDF2_HMAC_SHA1(mk->key,mk->keyLength,
+			 hdr->mkDigestSalt,LUKS_SALTSIZE,
+			 hdr->mkDigestIterations,
+			 checkHashBuf,LUKS_DIGESTSIZE);
+
+	r =3D (memcmp(checkHashBuf,hdr->mkDigest, LUKS_DIGESTSIZE) =3D=3D 0)?0:-E=
PERM;
+out:
+	free(AfKey);
+	return r;
+}
+
+int LUKS_open_any_key(const char *device,=20
+		      const char *password,=20
+		      unsigned int passwordLen,=20
+		      struct luks_phdr *hdr,=20
+		      struct luks_masterkey *mk,
+		      struct setup_backend *backend)
+{
+	unsigned int i;
+	int r;
+
+	r =3D LUKS_read_phdr(device, hdr);
+	if(r < 0) {
+      		return r;
+	}
+
+	mk->keyLength =3D hdr->keyBytes;
+	for(i=3D0; i<LUKS_NUMKEYS; i++) {
+		if(LUKS_open_key(device, i, password, passwordLen, hdr, mk, backend) =3D=
=3D 0)
+			break;
+	}
+	if(i!=3DLUKS_NUMKEYS) printf("key slot %d unlocked.\n",i);
+	return i=3D=3DLUKS_NUMKEYS?-EPERM:0;
+}
+
+/*
+ * Wipe patterns according to Gutmann's Paper
+ */
+
+static void wipeSpecial(char *buffer, unsigned int buffer_size, unsigned i=
nt turn)
+{
+        unsigned int i;
+=09
+        unsigned char write_modes[27][3] =3D {
+                {"\x55\x55\x55"}, {"\xaa\xaa\xaa"}, {"\x92\x49\x24"},
+                {"\x49\x24\x92"}, {"\x24\x92\x49"}, {"\x00\x00\x00"},
+                {"\x11\x11\x11"}, {"\x22\x22\x22"}, {"\x33\x33\x33"},
+                {"\x44\x44\x44"}, {"\x55\x55\x55"}, {"\x66\x66\x66"},
+                {"\x77\x77\x77"}, {"\x88\x88\x88"}, {"\x99\x99\x99"},
+                {"\xaa\xaa\xaa"}, {"\xbb\xbb\xbb"}, {"\xcc\xcc\xcc"},
+                {"\xdd\xdd\xdd"}, {"\xee\xee\xee"}, {"\xff\xff\xff"},
+                {"\x92\x49\x24"}, {"\x49\x24\x92"}, {"\x24\x92\x49"},
+                {"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"}
+        };
+=09
+        for(i=3D0;i<buffer_size/3;i++) {
+                memcpy(buffer,write_modes[turn-3],3);
+                buffer+=3D3;
+        }
+}
+
+static int wipe(const char *device, unsigned int from, unsigned int to)
+{
+	int devfd;=20
+	char *buffer;=20
+	unsigned int i;
+	unsigned int bufLen =3D (to-from)*SECTOR_SIZE;
+	int r;
+=09
+	devfd =3D open(device,O_RDWR);
+	if(devfd =3D=3D -1) {
+		fprintf(stderr,"Can't open device: %s\n", device);
+		return -EINVAL;
+	}
+	buffer=3D(char *)malloc(bufLen);
+	for(i=3D0; i<39; i++) {
+		if(i>=3D0  && i<5) getRandom(buffer,bufLen);
+		if(i>=3D5  && i<33) wipeSpecial(buffer,bufLen,i);
+		if(i>=3D33 && i<38) getRandom(buffer,bufLen);
+		if(i>=3D38 && i<39) memset(buffer, 0xFF, bufLen);
+	=09
+		r =3D lseek(devfd,from*SECTOR_SIZE,SEEK_SET);
+		if(r < 0) { r =3D -EIO; goto out; }
+
+		r =3D write(devfd, buffer, bufLen);
+		if(r < 0) { r =3D -EIO; goto out; }
+
+		fsync(devfd); fsync(devfd); sync();
+	}
+	r =3D 0;
+out:
+	free(buffer);
+	close(devfd);
+	return r;
+}
+
+int LUKS_del_key(const char *device, unsigned int keyIndex)
+{
+	struct luks_phdr hdr;
+	unsigned int i, startOffset, endOffset;
+	int r;
+=09
+	r =3D LUKS_read_phdr(device, &hdr);
+	if(r < 0) return r;
+=09
+	if(hdr.keyblock[keyIndex].active !=3D LUKS_KEY_ENABLED || keyIndex >=3D L=
UKS_NUMKEYS) {
+		set_error("Key %d not active. Can't wipe.\n", keyIndex);
+		return -1;
+	}
+=09
+	/* secure deletion of key material */
+	startOffset =3D hdr.keyblock[keyIndex].keyMaterialOffset;
+	endOffset =3D startOffset+(hdr.keyBytes*hdr.keyblock[keyIndex].stripes/51=
2+1);
+=09
+	r =3D wipe(device,startOffset,endOffset);
+	if(r < 0) return r;
+
+	/* mark the key as inactive in header */
+	hdr.keyblock[keyIndex].active =3D LUKS_KEY_DISABLED;
+	r =3D LUKS_write_phdr(device, &hdr);
+	if(r < 0) return r;
+	return 0;
+}
+
+
+int LUKS_benchmarkt_iterations()
+{
+	return PBKDF2_performance_check()/2;
+}
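Review bot: LUKS_del_key evaluates hdr.keyblock[keyIndex].active before the keyIndex >= LUKS_NUMKEYS test on the same line, so an out-of-range index is dereferenced before it is rejected; put the range test first, and add the same test to LUKS_set_key and LUKS_open_key, which index keyblock[keyIndex] with no check at all. In wipe() the passes 5 to 32 call wipeSpecial(buffer,bufLen,i), which reads write_modes[turn-3], that is indices 2 to 29 of a 27-entry table; the offset and loop bounds need to agree with the table size, and the malloc(bufLen) result is used unchecked. LUKS_open_any_key copies hdr->keyBytes from the on-disk header into mk->keyLength without an upper bound, while luks.h gives mk->key 32 bytes and AF_merge writes keyLength bytes into it, so keyBytes and stripes should be validated in LUKS_read_phdr. derivedKey and AfKey hold key material and are released without being cleared in both LUKS_set_key and LUKS_open_key.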
diff -Naurp cryptsetup-20050111/luks/luks.h cryptsetup-luks-1.0/luks/luks.h
--- cryptsetup-20050111/luks/luks.h	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/luks.h	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,109 @@
+/*
+ * LUKS partition header
+ */
+
+#include <netinet/in.h>
+#include "libcryptsetup.h"
+#include "internal.h"
+    =20
+
+#define LUKS_CIPHERNAME_L 32
+#define LUKS_CIPHERMODE_L 32
+#define LUKS_HASHSPEC_L 32
+#define LUKS_DIGESTSIZE 20 // since SHA1
+#define LUKS_HMACSIZE 32
+#define LUKS_SALTSIZE 32
+#define LUKS_NUMKEYS 8
+
+// Numbers of iterations for the master key digest
+#define LUKS_MKD_ITER 10
+
+// LUKS_KT defines Key types
+
+#define LUKS_KEY_DISABLED_OLD 0
+#define LUKS_KEY_ENABLED_OLD 0xCAFE
+
+#define LUKS_KEY_DISABLED 0x0000DEAD
+#define LUKS_KEY_ENABLED  0x00AC71F3
+
+#define LUKS_STRIPES 4000
+
+// partition header starts with magic
+
+#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
+#define LUKS_MAGIC_L 6
+
+#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)
+
+/* Actually we need only 37, but we don't want struct autoaligning to kick=
 in */
+#define UUID_STRING_L 40
+
+/* Any integer values are stored in network byte order on disk and must be
+converted */
+
+struct luks_phdr {
+	char		magic[LUKS_MAGIC_L];
+	uint16_t	version;
+	char		cipherName[LUKS_CIPHERNAME_L];
+	char		cipherMode[LUKS_CIPHERMODE_L];
+	char            hashSpec[LUKS_HASHSPEC_L];
+	uint32_t	payloadOffset;
+	uint32_t	keyBytes;
+	char		mkDigest[LUKS_DIGESTSIZE];
+	char		mkDigestSalt[LUKS_SALTSIZE];
+	uint32_t	mkDigestIterations;
+	char            uuid[UUID_STRING_L];
+
+	struct {
+		uint32_t active;
+=09
+		/* parameters used for password processing */
+		uint32_t passwordIterations;
+		char     passwordSalt[LUKS_SALTSIZE];
+	=09
+		/* parameters used for AF store/load */	=09
+		uint32_t keyMaterialOffset;
+		uint32_t stripes;	=09
+	} keyblock[LUKS_NUMKEYS];
+};
+
+struct luks_masterkey {
+	int keyLength;
+	char key[32];
+};
+
+int LUKS_generate_masterkey(struct luks_masterkey *mk);
+
+int LUKS_generate_phdr_v1(struct luks_phdr *header,
+			  const struct luks_masterkey mk, const char *cipherName,=20
+			  const char *cipherMode, unsigned int stripes);
+
+int LUKS_read_phdr(const char *device, struct luks_phdr *hdr);
+
+int LUKS_write_phdr(const char *device, struct luks_phdr *hdr);
+
+int LUKS_set_key(const char *device,=20
+					unsigned int keyIndex,=20
+					const char *password,=20
+					unsigned int passwordLen,=20
+					struct luks_phdr *hdr,=20
+					struct luks_masterkey *mk,
+					struct setup_backend *backend);
+
+int LUKS_open_key(const char *device,=20
+					unsigned int keyIndex,=20
+					const char *password,=20
+					unsigned int passwordLen,=20
+					struct luks_phdr *hdr,=20
+					struct luks_masterkey *mk,
+					struct setup_backend *backend);
+
+int LUKS_open_any_key(const char *device,=20
+					const char *password,=20
+					unsigned int passwordLen,=20
+					struct luks_phdr *hdr,=20
+					struct luks_masterkey *mk,
+					struct setup_backend *backend);
+
+int LUKS_del_key(const char *device, unsigned int keyIndex);
+int LUKS_benchmarkt_iterations();
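Review bot: the prototype LUKS_generate_phdr_v1(..., const struct luks_masterkey mk, ...) does not match what keymanage.c defines, LUKS_generate_phdr(..., const struct luks_masterkey *mk, ...), so callers of the real function get no checked declaration; declare the name and the pointer argument that are implemented. struct luks_phdr is read and written as raw bytes of sizeof(struct luks_phdr) with no packed attribute or explicit padding, so the on-disk layout depends on compiler alignment, which the UUID_STRING_L comment already hints at. LUKS_MAGIC carries a trailing semicolon inside the macro, the header has no include guard, and LUKS_MKD_ITER 10 deserves a comment justifying such a low iteration count for the master key digest.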
diff -Naurp cryptsetup-20050111/luks/Makefile.am cryptsetup-luks-1.0/luks/M=
akefile.am
--- cryptsetup-20050111/luks/Makefile.am	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/Makefile.am	2005-04-02 23:28:45.000000000 +0200
@@ -0,0 +1,59 @@
+moduledir =3D $(libdir)/cryptsetup
+
+noinst_LTLIBRARIES =3D libluks.la
+
+libluks_la_CFLAGS =3D -I sha
+
+libluks_la_SOURCES =3D \
+	af.c \
+	pbkdf.c \
+	keymanage.c \
+	keyencryption.c \
+	hexprint.c \
+	random.c \
+	sha/sha1.c \
+	sha/hmac_sha1.h \
+	sha/hmac.h \
+	sha/hmac_sha1.c \
+	sha/sha1.h \
+	XORblock.h \
+	pbkdf.h \
+	random.h \
+	af.h \
+	luks.h
+
+INCLUDES =3D -D_GNU_SOURCE			\
+        -I$(top_srcdir)/lib
+       =20
+EXTRA_DIST =3D sha/hmac.c
+
+test:
+	(cd ..; make)
+	@if [ `id -u` !=3D 0 ]; then 	\
+		echo Not root; \
+	fi
+	@if [ ! -e /tmp/key1 ]; then	\
+		dd if=3D/dev/urandom of=3D/tmp/key1 count=3D1 bs=3D32; \
+	fi
+	@dd if=3D/dev/zero of=3D/tmp/luks-test count=3D20000
+	@-/sbin/losetup -d /dev/loop/5
+	@/sbin/losetup /dev/loop/5 /tmp/luks-test
+	echo "kuh" | ../src/cryptsetup -v -i 1000 -c aes-cbc-essiv:sha256 luksFor=
mat /dev/loop/5
+	@sync
+	echo "kuh" | ../src/cryptsetup -v luksOpen /dev/loop/5 dummy
+	@-ls -l /dev/mapper/dummy > /dev/null && echo "success (1 of 5)"
+	@../src/cryptsetup remove dummy
+	@echo -e "kuh\nlala\n" | ../src/cryptsetup -v luksAddKey /dev/loop/5
+	@echo "lala" | ../src/cryptsetup -v luksOpen /dev/loop/5 dummy
+	@-ls -l /dev/mapper/dummy > /dev/null && echo "success (2 of 5)"
+	@../src/cryptsetup -v remove dummy
+	@../src/cryptsetup -v luksDelKey /dev/loop/5 1
+	@echo "lala" | ../src/cryptsetup -v luksOpen /dev/loop/5 dummy 2>/dev/nul=
l || echo "success (3 of 4)"
+	@echo -e "kuh\n" | ../src/cryptsetup -v luksAddKey /dev/loop5 /tmp/key1
+	@../src/cryptsetup -d /tmp/key1 -v luksOpen /dev/loop/5 dummy
+	@-ls -l /dev/mapper/dummy > /dev/null && echo "success (4 of 5)"
+	@../src/cryptsetup -v remove dummy
+	@../src/cryptsetup -v -i 1000 -c aes-cbc-essiv:sha256 luksFormat /dev/loo=
p/5 /tmp/key1
+	@../src/cryptsetup -d /tmp/key1 -v luksOpen /dev/loop/5 dummy
+	@-ls -l /dev/mapper/dummy > /dev/null && echo "success (5 of 5)"
+	@../src/cryptsetup -v remove dummy
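Review bot: the test target is meant to run as root yet writes to the fixed names /tmp/key1 and /tmp/luks-test, which any local user can pre-create or symlink; create the files in a directory obtained from mktemp -d instead. The "Not root" check only echoes and carries on, so add an exit 1 to it. The luksAddKey line that takes /tmp/key1 uses /dev/loop5 where every other line uses /dev/loop/5, and the third message reads "success (3 of 4)" while the others count to 5.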
diff -Naurp cryptsetup-20050111/luks/pbkdf.c cryptsetup-luks-1.0/luks/pbkdf=
=2Ec
--- cryptsetup-20050111/luks/pbkdf.c	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/pbkdf.c	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2004 Clemens Fruhwirth <clemens at endorphin.org>
+ * Implementation of PBKDF2-HMAC-SHA1 according to RFC 2898.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, =
USA.
+ */
+=20
+#include <netinet/in.h>
+#include <errno.h>
+#include <signal.h>
+#include <sys/time.h>
+
+#include "hmac_sha1.h"
+#include "XORblock.h"
+
+static unsigned int *__PBKDF2_global_j;
+static unsigned int __PBKDF2_performance=3D0;
+
+void PBKDF2_HMAC_SHA1(const char *password, unsigned int passwordLen,=20
+			const char *salt, unsigned int saltLen, unsigned int iterations,=20
+			char *dKey, unsigned int dKeyLen)
+{
+	uint32_t i=3D1;
+	unsigned int j;
+	/* U_n is the buffer for U_n values */
+	char U_n[SHA1_DIGEST_SIZE];
+	/* F_buf is the XOR buffer for F function */
+	char F_buf[SHA1_DIGEST_SIZE];
+	hmac_ctx templateCtx;
+
+	/* We need a global pointer for signal handlers */
+	__PBKDF2_global_j =3D &j;
+
+	/* Make a template context initialized with password as key */
+	hmac_sha_begin(&templateCtx);
+	hmac_sha_key(password,passwordLen,&templateCtx);
+=09
+#define HMAC_REINIT(__ctx)		memcpy(&__ctx,&templateCtx,sizeof(__ctx))
+=09
+	/* The first hash iteration is done different, therefor=20
+		we reduce iterations to conveniently use it as a loop=20
+		counter */
+	iterations--;=20
+
+	while(dKeyLen > 0) {
+		hmac_ctx ctx;
+		uint32_t iNetworkOrdered;
+		unsigned int blocksize =3D dKeyLen<SHA1_DIGEST_SIZE?dKeyLen:SHA1_DIGEST_=
SIZE;
+
+		j=3Diterations;
+		HMAC_REINIT(ctx);
+		// U_1 hashing=20
+		hmac_sha_data(salt,saltLen,&ctx);
+		iNetworkOrdered =3D htonl(i);
+		hmac_sha_data((unsigned char *)&iNetworkOrdered, sizeof(uint32_t), &ctx);
+		hmac_sha_end(U_n, SHA1_DIGEST_SIZE, &ctx);
+		memcpy(F_buf, U_n, SHA1_DIGEST_SIZE);
+
+		// U_n hashing
+		while(j--) {
+			HMAC_REINIT(ctx);
+			hmac_sha_data(U_n,SHA1_DIGEST_SIZE, &ctx);
+			hmac_sha_end(U_n,SHA1_DIGEST_SIZE, &ctx);
+			XORblock(F_buf,U_n,F_buf,SHA1_DIGEST_SIZE);
+		}
+		memcpy(dKey,F_buf,blocksize);
+		dKey+=3Dblocksize; dKeyLen-=3Dblocksize; i++;
+	}
+#undef HMAC_REINIT
+}
+
+static void sigvtalarm(int foo)
+{
+	__PBKDF2_performance =3D ~(0U) - *__PBKDF2_global_j;
+	*__PBKDF2_global_j =3D 0;
+}
+
+unsigned int PBKDF2_performance_check()=20
+{
+	/* This code benchmarks PBKDF2 and returns=20
+	iterations/second per SHA1_DIGEST_SIZE */
+=09
+	char buf;
+ 	struct itimerval it;
+
+	if(__PBKDF2_performance !=3D 0) return __PBKDF2_performance;
+
+	signal(SIGVTALRM,sigvtalarm);
+	it.it_interval.tv_usec =3D 0;
+  	it.it_interval.tv_sec =3D 0;
+  	it.it_value.tv_usec =3D 0;
+  	it.it_value.tv_sec =3D  1;
+  	if (setitimer (ITIMER_VIRTUAL, &it, NULL) < 0)
+    	return 0;=09
+ =20
+  	PBKDF2_HMAC_SHA1("foo", 3,=20
+					"bar", 3, ~(0U),=20
+					&buf, 1);
+=09
+	return __PBKDF2_performance;
+}
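Review bot: sigvtalarm() stops the benchmark by writing *__PBKDF2_global_j = 0, but j is a plain unsigned int local of PBKDF2_HMAC_SHA1, so the compiler is free to keep it in a register across while(j--) and the run with ~(0U) iterations may never see the store; declare j volatile and make the global pointer match. iterations-- wraps to UINT_MAX when the caller passes 0, and LUKS_generate_phdr in keymanage.c leaves passwordIterations at the zero set by memset, so reject a zero count at the top of the function. U_n, F_buf and templateCtx (keyed with the password) stay on the stack on return and should be cleared.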
diff -Naurp cryptsetup-20050111/luks/pbkdf.h cryptsetup-luks-1.0/luks/pbkdf=
=2Eh
--- cryptsetup-20050111/luks/pbkdf.h	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/pbkdf.h	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,7 @@
+/* */
+
+void PBKDF2_HMAC_SHA1(const char *password, unsigned int passwordLen,=20
+			const char *salt, unsigned int saltLen, unsigned int iterations,=20
+			char *dKey, unsigned int dKeyLen);
+
+unsigned int PBKDF2_performance_check();
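Review bot: the header has no include guard and its only comment is an empty /* */; add a guard and a short description of the parameters, in particular that dKey receives dKeyLen bytes and what iteration counts are valid. PBKDF2_performance_check() should be declared with (void) so that calls with arguments are diagnosed.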
diff -Naurp cryptsetup-20050111/luks/random.c cryptsetup-luks-1.0/luks/rand=
om.c
--- cryptsetup-20050111/luks/random.c	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/random.c	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,33 @@
+/*
+ *	Random supply helper
+ * Copyright 2004, Clemens Fruhwirth <clemens at endorphin.org>
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+=20
+int getRandom(char *buf, int len)
+{
+	int randomfd =3D 0;=20
+
+	//FIXME Run a FIPS test for the random device or include
+	// PRNG if urandom not avail.
+=09
+	randomfd =3D open("/dev/urandom",O_RDONLY);
+	if(-1 =3D=3D randomfd) {
+		perror("getRandom:"); return -EINVAL;
+	}
+	while(len) {
+		int r;
+		r =3D read(randomfd,buf,len);
+		if (-1 =3D=3D r && errno !=3D -EINTR) {=09
+			perror("read: "); return -EINVAL;
+		}
+		len-=3D r; buf +=3D r;
+	}
+	close(randomfd);
+	return 0;
+}
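Review bot: in getRandom the test errno != -EINTR compares errno with a negative constant, and errno values are positive, so the condition is always true and an interrupted read is reported as a failure; once the constant is corrected to EINTR the retry also needs a continue, otherwise len -= r; buf += r runs with r == -1. A read() that returns 0 never reduces len and the loop spins forever, and the return inside the loop leaks randomfd. The file calls read, close and perror without including unistd.h and stdio.h.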
diff -Naurp cryptsetup-20050111/luks/random.h cryptsetup-luks-1.0/luks/rand=
om.h
--- cryptsetup-20050111/luks/random.h	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/random.h	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,2 @@
+int getRandom(char *buf, int len);
+int supply_random(char *buffer, int size);
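Review bot: supply_random() is declared here but random.c in this patch defines only getRandom(); drop the declaration or add the definition, since a caller would otherwise fail only at link time. The header also lacks an include guard.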
diff -Naurp cryptsetup-20050111/luks/sha/hmac.c cryptsetup-luks-1.0/luks/sh=
a/hmac.c
--- cryptsetup-20050111/luks/sha/hmac.c	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/sha/hmac.c	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,144 @@
+/*
+ -------------------------------------------------------------------------=
--
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK.   All rights reserve=
d.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+   1. distributions of this source code include the above copyright
+      notice, this list of conditions and the following disclaimer;
+
+   2. distributions in binary form include the above copyright
+      notice, this list of conditions and the following disclaimer
+      in the documentation and/or other associated materials;
+
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL=
),
+ in which case the provisions of the GPL apply INSTEAD OF those given abov=
e.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ -------------------------------------------------------------------------=
--
+ Issue Date: 26/08/2003
+
+ This is an implementation of HMAC, the FIPS standard keyed hash function
+*/
+
+#include "hmac.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* initialise the HMAC context to zero */
+void hmac_sha_begin(hmac_ctx cx[1])
+{
+    memset(cx, 0, sizeof(hmac_ctx));
+}
+
+/* input the HMAC key (can be called multiple times)    */
+int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ct=
x cx[1])
+{
+    if(cx->klen =3D=3D HMAC_IN_DATA)                /* error if further ke=
y input   */
+        return HMAC_BAD_MODE;                   /* is attempted in data mo=
de    */
+
+    if(cx->klen + key_len > HASH_INPUT_SIZE)    /* if the key has to be ha=
shed  */
+    {
+        if(cx->klen <=3D HASH_INPUT_SIZE)         /* if the hash has not y=
et been */
+        {                                       /* started, initialise it =
and   */
+            sha_begin(cx->ctx);                /* hash stored key characte=
rs   */
+            sha_hash(cx->key, cx->klen, cx->ctx);
+        }
+
+        sha_hash(key, key_len, cx->ctx);       /* hash long key data into =
hash */
+    }
+    else                                        /* otherwise store key dat=
a     */
+        memcpy(cx->key + cx->klen, key, key_len);
+
+    cx->klen +=3D key_len;                        /* update the key length=
 count  */
+    return HMAC_OK;
+}
+
+/* input the HMAC data (can be called multiple times) - */
+/* note that this call terminates the key input phase   */
+void hmac_sha_data(const unsigned char data[], unsigned long data_len, hma=
c_ctx cx[1])
+{   unsigned int i;
+
+    if(cx->klen !=3D HMAC_IN_DATA)                /* if not yet in data ph=
ase */
+    {
+        if(cx->klen > HASH_INPUT_SIZE)          /* if key is being hashed =
  */
+        {                                       /* complete the hash and  =
  */
+            sha_end(cx->key, cx->ctx);         /* store the result as the =
 */
+            cx->klen =3D HASH_OUTPUT_SIZE;        /* key and set new lengt=
h   */
+        }
+
+        /* pad the key if necessary */
+        memset(cx->key + cx->klen, 0, HASH_INPUT_SIZE - cx->klen);
+
+        /* xor ipad into key value  */
+        for(i =3D 0; i < (HASH_INPUT_SIZE >> 2); ++i)
+            ((unsigned long*)cx->key)[i] ^=3D 0x36363636;
+
+        /* and start hash operation */
+        sha_begin(cx->ctx);
+        sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
+
+        /* mark as now in data mode */
+        cx->klen =3D HMAC_IN_DATA;
+    }
+
+    /* hash the data (if any)       */
+    if(data_len)
+        sha_hash(data, data_len, cx->ctx);
+}
+
+/* compute and output the MAC value */
+void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[=
1])
+{   unsigned char dig[HASH_OUTPUT_SIZE];
+    unsigned int i;
+
+    /* if no data has been entered perform a null data phase        */
+    if(cx->klen !=3D HMAC_IN_DATA)
+        hmac_sha_data((const unsigned char*)0, 0, cx);
+
+    sha_end(dig, cx->ctx);         /* complete the inner hash      */
+
+    /* set outer key value using opad and removing ipad */
+    for(i =3D 0; i < (HASH_INPUT_SIZE >> 2); ++i)
+        ((unsigned long*)cx->key)[i] ^=3D 0x36363636 ^ 0x5c5c5c5c;
+
+    /* perform the outer hash operation */
+    sha_begin(cx->ctx);
+    sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
+    sha_hash(dig, HASH_OUTPUT_SIZE, cx->ctx);
+    sha_end(dig, cx->ctx);
+
+    /* output the hash value            */
+    for(i =3D 0; i < mac_len; ++i)
+        mac[i] =3D dig[i];
+}
+
+/* 'do it all in one go' subroutine     */
+void hmac_sha(const unsigned char key[], unsigned long key_len,
+          const unsigned char data[], unsigned long data_len,
+          unsigned char mac[], unsigned long mac_len)
+{   hmac_ctx    cx[1];
+
+    hmac_sha_begin(cx);
+    hmac_sha_key(key, key_len, cx);
+    hmac_sha_data(data, data_len, cx);
+    hmac_sha_end(mac, mac_len, cx);
+}
+
+#if defined(__cplusplus)
+}
+#endif
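Review bot: the ipad and opad loops in hmac_sha_data and hmac_sha_end cast cx->key to unsigned long* and iterate HASH_INPUT_SIZE >> 2 times, which assumes unsigned long is 4 bytes; where it is 8 bytes the loop touches twice HASH_INPUT_SIZE bytes of a key array that hmac.h declares as HASH_INPUT_SIZE bytes, running into the ctx and klen members, and the 32-bit constants leave the upper half of each word unmasked. Use uint32_t for the cast or XOR byte by byte. hmac_sha_end also leaves the inner digest in dig on the stack; clear it before returning.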
diff -Naurp cryptsetup-20050111/luks/sha/hmac.h cryptsetup-luks-1.0/luks/sh=
a/hmac.h
--- cryptsetup-20050111/luks/sha/hmac.h	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/sha/hmac.h	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,101 @@
+/*
+ -------------------------------------------------------------------------=
--
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK.   All rights reserve=
d.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+   1. distributions of this source code include the above copyright
+      notice, this list of conditions and the following disclaimer;
+
+   2. distributions in binary form include the above copyright
+      notice, this list of conditions and the following disclaimer
+      in the documentation and/or other associated materials;
+
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL=
),
+ in which case the provisions of the GPL apply INSTEAD OF those given abov=
e.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ -------------------------------------------------------------------------=
--
+ Issue Date: 26/08/2003
+
+ This is an implementation of HMAC, the FIPS standard keyed hash function
+*/
+
+#ifndef _HMAC_H
+#define _HMAC_H
+
+#include <memory.h>
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#if !defined(USE_SHA1) && !defined(USE_SHA256)
+#error define USE_SHA1 or USE_SHA256 to set the HMAC hash algorithm
+#endif
+
+#ifdef USE_SHA1
+
+#include "sha1.h"
+
+#define HASH_INPUT_SIZE     SHA1_BLOCK_SIZE
+#define HASH_OUTPUT_SIZE    SHA1_DIGEST_SIZE
+#define sha_ctx             sha1_ctx
+#define sha_begin           sha1_begin
+#define sha_hash            sha1_hash
+#define sha_end             sha1_end
+
+#endif
+
+#ifdef USE_SHA256
+
+#include "sha2.h"
+
+#define HASH_INPUT_SIZE     SHA256_BLOCK_SIZE
+#define HASH_OUTPUT_SIZE    SHA256_DIGEST_SIZE
+#define sha_ctx             sha256_ctx
+#define sha_begin           sha256_begin
+#define sha_hash            sha256_hash
+#define sha_end             sha256_end
+
+#endif
+
+#define HMAC_OK                0
+#define HMAC_BAD_MODE         -1
+#define HMAC_IN_DATA  0xffffffff
+
+typedef struct
+{   unsigned char   key[HASH_INPUT_SIZE];
+    sha_ctx         ctx[1];
+    unsigned long   klen;
+} hmac_ctx;
+
+void hmac_sha_begin(hmac_ctx cx[1]);
+
+int  hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_c=
tx cx[1]);
+
+void hmac_sha_data(const unsigned char data[], unsigned long data_len, hma=
c_ctx cx[1]);
+
+void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[=
1]);
+
+void hmac_sha(const unsigned char key[], unsigned long key_len,
+          const unsigned char data[], unsigned long data_len,
+          unsigned char mac[], unsigned long mac_len);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
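Review bot: the #error at the top rejects the case where neither USE_SHA1 nor USE_SHA256 is defined but not the case where both are, in which the second block silently redefines HASH_INPUT_SIZE, sha_ctx and the other macros; add an #error for that combination. The guard name _HMAC_H uses an identifier reserved for the implementation (underscore followed by a capital letter). hmac_sha_key and hmac_sha_data take const unsigned char[] while pbkdf.c passes const char * and char buffers, so either the prototypes or the caller should change to keep the build free of pointer-sign warnings.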
diff -Naurp cryptsetup-20050111/luks/sha/hmac_sha1.c cryptsetup-luks-1.0/lu=
ks/sha/hmac_sha1.c
--- cryptsetup-20050111/luks/sha/hmac_sha1.c	1970-01-01 01:00:00.000000000 =
+0100
+++ cryptsetup-luks-1.0/luks/sha/hmac_sha1.c	2005-04-02 23:08:13.000000000 =
+0200
@@ -0,0 +1,2 @@
+#define USE_SHA1
+#include "hmac.c"
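Review bot: this file builds hmac.c by textual inclusion with USE_SHA1 defined, which is why Makefile.am lists sha/hmac.c under EXTRA_DIST and not in libluks_la_SOURCES, but nothing here says so. A one-line comment would keep someone from adding hmac.c to the sources later, where it would stop at the #error in hmac.h.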
diff -Naurp cryptsetup-20050111/luks/sha/hmac_sha1.h cryptsetup-luks-1.0/lu=
ks/sha/hmac_sha1.h
--- cryptsetup-20050111/luks/sha/hmac_sha1.h	1970-01-01 01:00:00.000000000 =
+0100
+++ cryptsetup-luks-1.0/luks/sha/hmac_sha1.h	2005-04-02 23:08:13.000000000 =
+0200
@@ -0,0 +1,2 @@
+#define USE_SHA1
+#include "hmac.h"
diff -Naurp cryptsetup-20050111/luks/sha/sha1.c cryptsetup-luks-1.0/luks/sh=
a/sha1.c
--- cryptsetup-20050111/luks/sha/sha1.c	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/sha/sha1.c	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,355 @@
+/*
+ -------------------------------------------------------------------------=
--
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK.   All rights reserve=
d.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+   1. distributions of this source code include the above copyright
+      notice, this list of conditions and the following disclaimer;
+
+   2. distributions in binary form include the above copyright
+      notice, this list of conditions and the following disclaimer
+      in the documentation and/or other associated materials;
+
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL=
),
+ in which case the provisions of the GPL apply INSTEAD OF those given abov=
e.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ -------------------------------------------------------------------------=
--
+ Issue Date: 16/01/2004
+
+ This is a byte oriented version of SHA1 that operates on arrays of bytes
+ stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
+*/
+
+#include <string.h>     /* for memcpy() etc.        */
+#include <stdlib.h>     /* for _lrotl with VC++     */
+
+#include "sha1.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/*
+    To obtain the highest speed on processors with 32-bit words, this code
+    needs to determine the order in which bytes are packed into such words.
+    The following block of code is an attempt to capture the most obvious
+    ways in which various environemnts specify their endian definitions.
+    It may well fail, in which case the definitions will need to be set by
+    editing at the points marked **** EDIT HERE IF NECESSARY **** below.
+*/
+
+/*  PLATFORM SPECIFIC INCLUDES */
+
+#define BRG_LITTLE_ENDIAN   1234 /* byte 0 is least significant (i386) */
+#define BRG_BIG_ENDIAN      4321 /* byte 0 is most significant (mc68k) */
+
+#if defined(__GNUC__) || defined(__GNU_LIBRARY__)
+#  if defined(__FreeBSD__) || defined(__OpenBSD__)
+#    include <sys/endian.h>
+#  elif defined( BSD ) && ( BSD >=3D 199103 )
+#      include <machine/endian.h>
+#  elif defined(__APPLE__)
+#    if defined(__BIG_ENDIAN__) && !defined( BIG_ENDIAN )
+#      define BIG_ENDIAN
+#    elif defined(__LITTLE_ENDIAN__) && !defined( LITTLE_ENDIAN )
+#      define LITTLE_ENDIAN
+#    endif
+#  else
+#    include <endian.h>
+#    if !defined(__BEOS__)
+#      include <byteswap.h>
+#    endif
+#  endif
+#endif
+
+#if !defined(PLATFORM_BYTE_ORDER)
+#  if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
+#    if    defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+#    elif !defined(LITTLE_ENDIAN) &&  defined(BIG_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+#    elif defined(BYTE_ORDER) && (BYTE_ORDER =3D=3D LITTLE_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+#    elif defined(BYTE_ORDER) && (BYTE_ORDER =3D=3D BIG_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+#    endif
+#  elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
+#    if    defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+#    elif !defined(_LITTLE_ENDIAN) &&  defined(_BIG_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+#    elif defined(_BYTE_ORDER) && (_BYTE_ORDER =3D=3D _LITTLE_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+#    elif defined(_BYTE_ORDER) && (_BYTE_ORDER =3D=3D _BIG_ENDIAN)
+#      define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+#   endif
+#  elif defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)
+#    if    defined(__LITTLE_ENDIAN__) && !defined(__BIG_ENDIAN__)
+#      define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+#    elif !defined(__LITTLE_ENDIAN__) &&  defined(__BIG_ENDIAN__)
+#      define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+#    elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ =3D=3D __LITTLE_ENDIA=
N__)
+#      define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+#    elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ =3D=3D __BIG_ENDIAN__)
+#      define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+#    endif
+#  endif
+#endif
+
+/*  if the platform is still unknown, try to find its byte order    */
+/*  from commonly used machine defines                              */
+
+#if !defined(PLATFORM_BYTE_ORDER)
+
+#if   defined( __alpha__ ) || defined( __alpha ) || defined( i386 )       =
|| \
+      defined( __i386__ )  || defined( _M_I86 )  || defined( _M_IX86 )    =
|| \
+      defined( __OS2__ )   || defined( sun386 )  || defined( __TURBOC__ ) =
|| \
+      defined( vax )       || defined( vms )     || defined( VMS )        =
|| \
+      defined( __VMS )
+#  define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+
+#elif defined( AMIGA )    || defined( applec )  || defined( __AS400__ )  |=
| \
+      defined( _CRAY )    || defined( __hppa )  || defined( __hp9000 )   |=
| \
+      defined( ibm370 )   || defined( mc68000 ) || defined( m68k )       |=
| \
+      defined( __MRC__ )  || defined( __MVS__ ) || defined( __MWERKS__ ) |=
| \
+      defined( sparc )    || defined( __sparc)  || defined( SYMANTEC_C ) |=
| \
+      defined( __TANDEM ) || defined( THINK_C ) || defined( __VMCMS__ )
+#  define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+
+#elif 0     /* **** EDIT HERE IF NECESSARY **** */
+#  define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
+#elif 0     /* **** EDIT HERE IF NECESSARY **** */
+#  define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
+#else
+#  error Please edit sha1.c (line 134 or 136) to set the platform byte ord=
er
+#endif
+
+#endif
+
+#ifdef _MSC_VER
+#pragma intrinsic(memcpy)
+#endif
+
+#if 0 && defined(_MSC_VER)
+#define rotl32  _lrotl
+#define rotr32  _lrotr
+#else
+#define rotl32(x,n)   (((x) << n) | ((x) >> (32 - n)))
+#define rotr32(x,n)   (((x) >> n) | ((x) << (32 - n)))
+#endif
+
+#if !defined(bswap_32)
+#define bswap_32(x) (rotr32((x), 24) & 0x00ff00ff | rotr32((x), 8) & 0xff0=
0ff00)
+#endif
+
+#if (PLATFORM_BYTE_ORDER =3D=3D BRG_LITTLE_ENDIAN)
+#define SWAP_BYTES
+#else
+#undef  SWAP_BYTES
+#endif
+
+#if defined(SWAP_BYTES)
+#define bsw_32(p,n) \
+    { int _i =3D (n); while(_i--) ((sha1_32t*)p)[_i] =3D bswap_32(((sha1_3=
2t*)p)[_i]); }
+#else
+#define bsw_32(p,n)
+#endif
+
+#define SHA1_MASK   (SHA1_BLOCK_SIZE - 1)
+
+#if 0
+
+#define ch(x,y,z)       (((x) & (y)) ^ (~(x) & (z)))
+#define parity(x,y,z)   ((x) ^ (y) ^ (z))
+#define maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#else   /* Discovered by Rich Schroeppel and Colin Plumb   */
+
+#define ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
+#define parity(x,y,z)   ((x) ^ (y) ^ (z))
+#define maj(x,y,z)      (((x) & (y)) | ((z) & ((x) ^ (y))))
+
+#endif
+
+/* Compile 64 bytes of hash data into SHA1 context. Note    */
+/* that this routine assumes that the byte order in the     */
+/* ctx->wbuf[] at this point is in such an order that low   */
+/* address bytes in the ORIGINAL byte stream in this buffer */
+/* will go to the high end of 32-bit words on BOTH big and  */
+/* little endian systems                                    */
+
+#ifdef ARRAY
+#define q(v,n)  v[n]
+#else
+#define q(v,n)  v##n
+#endif
+
+#define one_cycle(v,a,b,c,d,e,f,k,h)            \
+    q(v,e) +=3D rotr32(q(v,a),27) +               \
+              f(q(v,b),q(v,c),q(v,d)) + k + h;  \
+    q(v,b)  =3D rotr32(q(v,b), 2)
+
+#define five_cycle(v,f,k,i)                 \
+    one_cycle(v, 0,1,2,3,4, f,k,hf(i  ));   \
+    one_cycle(v, 4,0,1,2,3, f,k,hf(i+1));   \
+    one_cycle(v, 3,4,0,1,2, f,k,hf(i+2));   \
+    one_cycle(v, 2,3,4,0,1, f,k,hf(i+3));   \
+    one_cycle(v, 1,2,3,4,0, f,k,hf(i+4))
+
+void sha1_compile(sha1_ctx ctx[1])
+{   sha1_32t    *w =3D ctx->wbuf;
+
+#ifdef ARRAY
+    sha1_32t    v[5];
+    memcpy(v, ctx->hash, 5 * sizeof(sha1_32t));
+#else
+    sha1_32t    v0, v1, v2, v3, v4;
+    v0 =3D ctx->hash[0]; v1 =3D ctx->hash[1];
+    v2 =3D ctx->hash[2]; v3 =3D ctx->hash[3];
+    v4 =3D ctx->hash[4];
+#endif
+
+#define hf(i)   w[i]
+
+    five_cycle(v, ch, 0x5a827999,  0);
+    five_cycle(v, ch, 0x5a827999,  5);
+    five_cycle(v, ch, 0x5a827999, 10);
+    one_cycle(v,0,1,2,3,4, ch, 0x5a827999, hf(15)); \
+
+#undef  hf
+#define hf(i) (w[(i) & 15] =3D rotl32(                    \
+                 w[((i) + 13) & 15] ^ w[((i) + 8) & 15] \
+               ^ w[((i) +  2) & 15] ^ w[(i) & 15], 1))
+
+    one_cycle(v,4,0,1,2,3, ch, 0x5a827999, hf(16));
+    one_cycle(v,3,4,0,1,2, ch, 0x5a827999, hf(17));
+    one_cycle(v,2,3,4,0,1, ch, 0x5a827999, hf(18));
+    one_cycle(v,1,2,3,4,0, ch, 0x5a827999, hf(19));
+
+    five_cycle(v, parity, 0x6ed9eba1,  20);
+    five_cycle(v, parity, 0x6ed9eba1,  25);
+    five_cycle(v, parity, 0x6ed9eba1,  30);
+    five_cycle(v, parity, 0x6ed9eba1,  35);
+
+    five_cycle(v, maj, 0x8f1bbcdc,  40);
+    five_cycle(v, maj, 0x8f1bbcdc,  45);
+    five_cycle(v, maj, 0x8f1bbcdc,  50);
+    five_cycle(v, maj, 0x8f1bbcdc,  55);
+
+    five_cycle(v, parity, 0xca62c1d6,  60);
+    five_cycle(v, parity, 0xca62c1d6,  65);
+    five_cycle(v, parity, 0xca62c1d6,  70);
+    five_cycle(v, parity, 0xca62c1d6,  75);
+
+#ifdef ARRAY
+    ctx->hash[0] +=3D v[0]; ctx->hash[1] +=3D v[1];
+    ctx->hash[2] +=3D v[2]; ctx->hash[3] +=3D v[3];
+    ctx->hash[4] +=3D v[4];
+#else
+    ctx->hash[0] +=3D v0; ctx->hash[1] +=3D v1;
+    ctx->hash[2] +=3D v2; ctx->hash[3] +=3D v3;
+    ctx->hash[4] +=3D v4;
+#endif
+}
+
+void sha1_begin(sha1_ctx ctx[1])
+{
+    ctx->count[0] =3D ctx->count[1] =3D 0;
+    ctx->hash[0] =3D 0x67452301;
+    ctx->hash[1] =3D 0xefcdab89;
+    ctx->hash[2] =3D 0x98badcfe;
+    ctx->hash[3] =3D 0x10325476;
+    ctx->hash[4] =3D 0xc3d2e1f0;
+}
+
+/* SHA1 hash data in an array of bytes into hash buffer and */
+/* call the hash_compile function as required.              */
+
+void sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx=
[1])
+{   sha1_32t pos =3D (sha1_32t)(ctx->count[0] & SHA1_MASK),
+            space =3D SHA1_BLOCK_SIZE - pos;
+    const unsigned char *sp =3D data;
+
+    if((ctx->count[0] +=3D len) < len)
+        ++(ctx->count[1]);
+
+    while(len >=3D space)     /* tranfer whole blocks if possible  */
+    {
+        memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
+        sp +=3D space; len -=3D space; space =3D SHA1_BLOCK_SIZE; pos =3D =
0;
+        bsw_32(ctx->wbuf, SHA1_BLOCK_SIZE >> 2);
+        sha1_compile(ctx);
+    }
+
+    memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
+}
+
+/* SHA1 final padding and digest calculation  */
+
+void sha1_end(unsigned char hval[], sha1_ctx ctx[1])
+{   sha1_32t    i =3D (sha1_32t)(ctx->count[0] & SHA1_MASK);
+
+    /* put bytes in the buffer in an order in which references to   */
+    /* 32-bit words will put bytes with lower addresses into the    */
+    /* top of 32 bit words on BOTH big and little endian machines   */
+    bsw_32(ctx->wbuf, (i + 3) >> 2);
+
+    /* we now need to mask valid bytes and add the padding which is */
+    /* a single 1 bit and as many zero bits as necessary. Note that */
+    /* we can always add the first padding byte here because the    */
+    /* buffer always has at least one empty slot                    */
+    ctx->wbuf[i >> 2] &=3D 0xffffff80 << 8 * (~i & 3);
+    ctx->wbuf[i >> 2] |=3D 0x00000080 << 8 * (~i & 3);
+
+    /* we need 9 or more empty positions, one for the padding byte  */
+    /* (above) and eight for the length count. If there is not      */
+    /* enough space, pad and empty the buffer                       */
+    if(i > SHA1_BLOCK_SIZE - 9)
+    {
+        if(i < 60) ctx->wbuf[15] =3D 0;
+        sha1_compile(ctx);
+        i =3D 0;
+    }
+    else    /* compute a word index for the empty buffer positions  */
+        i =3D (i >> 2) + 1;
+
+    while(i < 14) /* and zero pad all but last two positions        */
+        ctx->wbuf[i++] =3D 0;
+
+    /* the following 32-bit length fields are assembled in the      */
+    /* wrong byte order on little endian machines but this is       */
+    /* corrected later since they are only ever used as 32-bit      */
+    /* word values.                                                 */
+    ctx->wbuf[14] =3D (ctx->count[1] << 3) | (ctx->count[0] >> 29);
+    ctx->wbuf[15] =3D ctx->count[0] << 3;
+    sha1_compile(ctx);
+
+    /* extract the hash value as bytes in case the hash buffer is   */
+    /* misaligned for 32-bit words                                  */
+    for(i =3D 0; i < SHA1_DIGEST_SIZE; ++i)
+        hval[i] =3D (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
+}
+
+void sha1(unsigned char hval[], const unsigned char data[], unsigned long =
len)
+{   sha1_ctx    cx[1];
+
+    sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
+}
+
+#if defined(__cplusplus)
+}
+#endif
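Review bot: in sha1_hash() the carry test "(ctx->count[0] += len) < len" adds an unsigned long len into a 32-bit sha1_32t counter. Where unsigned long is 64 bits, a single call with 4 GiB or more of data loses the high bits of the length: count[1] is bumped by one at most, so the padded bit length and the digest are wrong. Either restrict len to the counter width (and document it) or fold the high part of len into count[1]. Smaller points: the "one_cycle(v,0,1,2,3,4, ch, 0x5a827999, hf(15)); \" line ends in a stray continuation backslash; the #error text refers to "line 134 or 136", which does not track the file; and sha1() returns with cx, including the last input block in wbuf, still on the stack, which is worth clearing if passphrase material is hashed through it.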
diff -Naurp cryptsetup-20050111/luks/sha/sha1.h cryptsetup-luks-1.0/luks/sh=
a/sha1.h
--- cryptsetup-20050111/luks/sha/sha1.h	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/sha/sha1.h	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,84 @@
+/*
+ -------------------------------------------------------------------------=
--
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK.   All rights reserve=
d.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+   1. distributions of this source code include the above copyright
+      notice, this list of conditions and the following disclaimer;
+
+   2. distributions in binary form include the above copyright
+      notice, this list of conditions and the following disclaimer
+      in the documentation and/or other associated materials;
+
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL=
),
+ in which case the provisions of the GPL apply INSTEAD OF those given abov=
e.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ -------------------------------------------------------------------------=
--
+ Issue Date: 26/08/2003
+*/
+
+#ifndef _SHA1_H
+#define _SHA1_H
+
+#include <limits.h>
+
+#define SHA1_BLOCK_SIZE  64
+#define SHA1_DIGEST_SIZE 20
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* define an unsigned 32-bit type */
+
+#if defined(_MSC_VER)
+  typedef   unsigned long    sha1_32t;
+#elif defined(ULONG_MAX) && ULONG_MAX =3D=3D 0xfffffffful
+  typedef   unsigned long    sha1_32t;
+#elif defined(UINT_MAX) && UINT_MAX =3D=3D 0xffffffff
+  typedef   unsigned int     sha1_32t;
+#else
+#  error Please define sha1_32t as an unsigned 32 bit type in sha1.h
+#endif
+
+/* type to hold the SHA256 context  */
+
+typedef struct
+{   sha1_32t count[2];
+    sha1_32t hash[5];
+    sha1_32t wbuf[16];
+} sha1_ctx;
+
+/* Note that these prototypes are the same for both bit and */
+/* byte oriented implementations. However the length fields */
+/* are in bytes or bits as appropriate for the version used */
+/* and bit sequences are input as arrays of bytes in which  */
+/* bit sequences run from the most to the least significant */
+/* end of each byte                                         */
+
+void sha1_compile(sha1_ctx ctx[1]);
+
+void sha1_begin(sha1_ctx ctx[1]);
+void sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx=
[1]);
+void sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
+void sha1(unsigned char hval[], const unsigned char data[], unsigned long =
len);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
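Review bot: the comment above the sha1_ctx typedef says "type to hold the SHA256 context"; it should read SHA1. The guard name _SHA1_H begins with an underscore followed by a capital letter, which is reserved for the implementation, so SHA1_H is the safer spelling. src/cryptsetup.c in this same patch already includes <stdint.h>; defining sha1_32t as uint32_t would replace the ULONG_MAX/UINT_MAX probing and its #error branch.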
diff -Naurp cryptsetup-20050111/luks/XORblock.h cryptsetup-luks-1.0/luks/XO=
Rblock.h
--- cryptsetup-20050111/luks/XORblock.h	1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-luks-1.0/luks/XORblock.h	2005-04-02 23:08:13.000000000 +0200
@@ -0,0 +1,6 @@
+static void inline XORblock(char *src1, char *src2, char *dst, unsigned in=
t n)
+{
+	unsigned int j;
+	for(j=3D0; j<n; j++)
+		dst[j] =3D src1[j] ^ src2[j];
+}
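Review bot: XORblock() only reads src1 and src2, so both parameters should be const char *, and n and j are better as size_t since they index buffers. The header has no include guard, so a second inclusion in one file is a redefinition error, and "static void inline" places the specifier after the return type, which gcc reports under -Wold-style-declaration; "static inline void" is the usual order. A one-line comment on aliasing would help: dst equal to a source is fine, a partial overlap is not.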
diff -Naurp cryptsetup-20050111/Makefile.am cryptsetup-luks-1.0/Makefile.am
--- cryptsetup-20050111/Makefile.am	2004-03-08 01:38:19.000000000 +0100
+++ cryptsetup-luks-1.0/Makefile.am	2005-04-02 23:37:49.000000000 +0200
@@ -1,4 +1,5 @@
 SUBDIRS =3D \
+	luks \
 	lib \
 	src \
 	po
diff -Naurp cryptsetup-20050111/manifest cryptsetup-luks-1.0/manifest
--- cryptsetup-20050111/manifest	2005-02-12 03:04:53.000000000 +0100
+++ cryptsetup-luks-1.0/manifest	2005-04-19 17:34:55.000000000 +0200
@@ -1,9 +1,9 @@
 ./po/de.po
 ./po/LINGUAS
 ./po/POTFILES.in
+./po/cryptsetup-luks.pot
 ./po/ChangeLog
 ./po/stamp-po
-./po/cryptsetup.pot
 ./lib/internal.h
 ./lib/gcrypt.c
 ./lib/setup.c
@@ -24,26 +24,45 @@
 ./Makefile.am
 ./acinclude.m4
 ./AUTHORS
-./ChangeLog
 ./debian/dirs
 ./debian/docs
 ./debian/hack
 ./debian/control
-./debian/cryptsetup.postinst
 ./debian/rules
 ./debian/usbcrypto.mkinitrd
 ./debian/CryptoSwap.HowTo
 ./debian/changelog
 ./debian/CryptoRoot.HowTo
-./debian/cryptsetup.preinst
 ./debian/usbcrypto.hotplug
 ./debian/compat
 ./debian/cryptdisks
 ./debian/usbcrypto.root
 ./debian/cryptdisks.default
-./debian/cryptsetup.postrm
 ./debian/README.html
 ./debian/copyright
 ./debian/crypttab.sgml
 ./debian/cryptsetup.sgml
+./debian/cryptsetup-luks.postinst
+./debian/cryptsetup-luks.postrm
+./debian/cryptsetup-luks.preinst
+./debian/cryptsetup.8
 ./manifest
+./ChangeLog
+./luks/sha/hmac_sha1.c
+./luks/sha/hmac_sha1.h
+./luks/sha/hmac.c
+./luks/sha/hmac.h
+./luks/sha/sha1.c
+./luks/sha/sha1.h
+./luks/af.c
+./luks/af.h
+./luks/random.c
+./luks/random.h
+./luks/keymanage.c
+./luks/Makefile.am
+./luks/luks.h
+./luks/hexprint.c
+./luks/keyencryption.c
+./luks/pbkdf.c
+./luks/pbkdf.h
+./luks/XORblock.h
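Review bot: the luks/sha entries added here cover hmac.c, hmac.h, hmac_sha1.*, sha1.c and sha1.h, but hmac.h in this patch has a USE_SHA256 branch that does #include "sha2.h", and no sha2.h or sha2.c is listed. Either ship the SHA-2 sources and list them, or remove the USE_SHA256 branch from hmac.h so that the header cannot be configured into a build that does not compile.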
diff -Naurp cryptsetup-20050111/po/cryptsetup-luks.pot cryptsetup-luks-1.0/=
po/cryptsetup-luks.pot
--- cryptsetup-20050111/po/cryptsetup-luks.pot	1970-01-01 01:00:00.00000000=
0 +0100
+++ cryptsetup-luks-1.0/po/cryptsetup-luks.pot	2005-04-02 23:28:45.00000000=
0 +0200
@@ -0,0 +1,199 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2005-03-25 15:50+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
+"Language-Team: LANGUAGE <LL at li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=3DCHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/cryptsetup.c:49
+msgid "<name> <device>"
+msgstr ""
+
+#: src/cryptsetup.c:49
+msgid "create device"
+msgstr ""
+
+#: src/cryptsetup.c:50 src/cryptsetup.c:51 src/cryptsetup.c:52
+#: src/cryptsetup.c:53 src/cryptsetup.c:60
+msgid "<name>"
+msgstr ""
+
+#: src/cryptsetup.c:50
+msgid "remove device"
+msgstr ""
+
+#: src/cryptsetup.c:51
+msgid "modify active device"
+msgstr ""
+
+#: src/cryptsetup.c:52
+msgid "resize active device"
+msgstr ""
+
+#: src/cryptsetup.c:53
+msgid "show device status"
+msgstr ""
+
+#: src/cryptsetup.c:54 src/cryptsetup.c:57
+msgid "<device> [<new key file>]"
+msgstr ""
+
+#: src/cryptsetup.c:54
+msgid "formats a LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:55
+msgid "<device> <name> "
+msgstr ""
+
+#: src/cryptsetup.c:55
+msgid "open LUKS device as mapping <name>"
+msgstr ""
+
+#: src/cryptsetup.c:56
+msgid "<device> <key slot>"
+msgstr ""
+
+#: src/cryptsetup.c:56
+msgid "wipes key with number <key slot> from LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:57 src/cryptsetup.c:59
+msgid "add key to LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:58 src/cryptsetup.c:59 src/cryptsetup.c:61
+msgid "<device>"
+msgstr ""
+
+#: src/cryptsetup.c:58
+msgid "print UUID of LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:60
+msgid "remove LUKS mapping"
+msgstr ""
+
+#: src/cryptsetup.c:61
+msgid "dump LUKS partition information"
+msgstr ""
+
+#: src/cryptsetup.c:78
+msgid "Command failed"
+msgstr ""
+
+#: src/cryptsetup.c:301
+msgid ""
+"\n"
+"<action> is one of:\n"
+msgstr ""
+
+#: src/cryptsetup.c:308
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<device> is the encrypted device\n"
+"<key slot> is the LUKS key slot number to modify\n"
+"<key file> optional key file for the new key for luksAddKey action\n"
+msgstr ""
+
+#: src/cryptsetup.c:324
+msgid "Show this help message"
+msgstr ""
+
+#: src/cryptsetup.c:325
+msgid "Display brief usage"
+msgstr ""
+
+#: src/cryptsetup.c:329
+msgid "Help options:"
+msgstr ""
+
+#: src/cryptsetup.c:330
+msgid "Shows more detailed error messages"
+msgstr ""
+
+#: src/cryptsetup.c:331
+msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+msgstr ""
+
+#: src/cryptsetup.c:332
+msgid "The hash used to create the encryption key from the passphrase"
+msgstr ""
+
+#: src/cryptsetup.c:333
+msgid "Verifies the passphrase by asking for it twice"
+msgstr ""
+
+#: src/cryptsetup.c:334
+msgid "Read the key from a file (can be /dev/random)"
+msgstr ""
+
+#: src/cryptsetup.c:335
+msgid "The size of the encryption key"
+msgstr ""
+
+#: src/cryptsetup.c:335
+msgid "BITS"
+msgstr ""
+
+#: src/cryptsetup.c:336
+msgid "The size of the device"
+msgstr ""
+
+#: src/cryptsetup.c:336 src/cryptsetup.c:337 src/cryptsetup.c:338
+msgid "SECTORS"
+msgstr ""
+
+#: src/cryptsetup.c:337
+msgid "The start offset in the backend device"
+msgstr ""
+
+#: src/cryptsetup.c:338
+msgid "How many sectors of the encrypted data to skip at the beginning"
+msgstr ""
+
+#: src/cryptsetup.c:339
+msgid "Create a readonly mapping"
+msgstr ""
+
+#: src/cryptsetup.c:340
+msgid "PBKDF2 iteration time for LUKS (in ms)"
+msgstr ""
+
+#: src/cryptsetup.c:341
+msgid "msecs"
+msgstr ""
+
+#: src/cryptsetup.c:357
+msgid "[OPTION...] <action> <action-specific>]"
+msgstr ""
+
+#: src/cryptsetup.c:389
+msgid "Key size must be a multiple of 8 bits"
+msgstr ""
+
+#: src/cryptsetup.c:393
+msgid "Argument <action> missing."
+msgstr ""
+
+#: src/cryptsetup.c:399
+msgid "Unknown action."
+msgstr ""
+
+#: src/cryptsetup.c:414
+#, c-format
+msgid "%s: requires %s as arguments"
+msgstr ""
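Review bot: two msgids in this new template carry defects from the source strings. "[OPTION...] <action> <action-specific>]" (src/cryptsetup.c:357) has a closing bracket with no opening one, and "<device> <name> " (src/cryptsetup.c:55) ends in a trailing space. Fix both in src/cryptsetup.c and regenerate, otherwise translators have to reproduce the typos to match. The header is also still the unedited xgettext boilerplate (PACKAGE VERSION, empty Report-Msgid-Bugs-To), and renaming the template from cryptsetup.pot changes the text domain, which should be stated in the changelog.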
diff -Naurp cryptsetup-20050111/po/cryptsetup.pot cryptsetup-luks-1.0/po/cr=
yptsetup.pot
--- cryptsetup-20050111/po/cryptsetup.pot	2005-02-09 18:38:53.000000000 +01=
00
+++ cryptsetup-luks-1.0/po/cryptsetup.pot	1970-01-01 01:00:00.000000000 +01=
00
@@ -1,140 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Free Software Foundation, Inc.
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-02-09 18:38+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
-"Language-Team: LANGUAGE <LL at li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=3DCHARSET\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: src/cryptsetup.c:39
-msgid "create device"
-msgstr ""
-
-#: src/cryptsetup.c:40
-msgid "remove device"
-msgstr ""
-
-#: src/cryptsetup.c:41
-msgid "modify active device"
-msgstr ""
-
-#: src/cryptsetup.c:42
-msgid "resize active device"
-msgstr ""
-
-#: src/cryptsetup.c:43
-msgid "show device status"
-msgstr ""
-
-#: src/cryptsetup.c:60
-#, c-format
-msgid "Command failed"
-msgstr ""
-
-#: src/cryptsetup.c:177
-#, c-format
-msgid ""
-"\n"
-"<action> is one of:\n"
-msgstr ""
-
-#: src/cryptsetup.c:185
-#, c-format
-msgid ""
-"<name> is the device to create under %s\n"
-"<device> is the encrypted device\n"
-msgstr ""
-
-#: src/cryptsetup.c:198
-msgid "Show this help message"
-msgstr ""
-
-#: src/cryptsetup.c:199
-msgid "Display brief usage"
-msgstr ""
-
-#: src/cryptsetup.c:203
-msgid "Help options:"
-msgstr ""
-
-#: src/cryptsetup.c:204
-msgid "Shows more detailed error messages"
-msgstr ""
-
-#: src/cryptsetup.c:205
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr ""
-
-#: src/cryptsetup.c:206
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr ""
-
-#: src/cryptsetup.c:207
-msgid "Verifies the passphrase by asking for it twice"
-msgstr ""
-
-#: src/cryptsetup.c:208
-msgid "Read the key from a file (can be /dev/random)"
-msgstr ""
-
-#: src/cryptsetup.c:209
-msgid "The size of the encryption key"
-msgstr ""
-
-#: src/cryptsetup.c:209
-msgid "BITS"
-msgstr ""
-
-#: src/cryptsetup.c:210
-msgid "The size of the device"
-msgstr ""
-
-#: src/cryptsetup.c:210 src/cryptsetup.c:211 src/cryptsetup.c:212
-msgid "SECTORS"
-msgstr ""
-
-#: src/cryptsetup.c:211
-msgid "The start offset in the backend device"
-msgstr ""
-
-#: src/cryptsetup.c:212
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr ""
-
-#: src/cryptsetup.c:213
-msgid "Create a readonly mapping"
-msgstr ""
-
-#: src/cryptsetup.c:228
-msgid "[OPTION...] <action> <name> [<device>]"
-msgstr ""
-
-#: src/cryptsetup.c:259
-msgid "Argument <action> missing."
-msgstr ""
-
-#: src/cryptsetup.c:265
-msgid "Unknown action."
-msgstr ""
-
-#: src/cryptsetup.c:269
-msgid "Argument <name> missing."
-msgstr ""
-
-#: src/cryptsetup.c:274
-msgid "Argument <device> missing."
-msgstr ""
-
-#: src/cryptsetup.c:279
-msgid "Key size must be a multiple of 8 bits"
-msgstr ""
diff -Naurp cryptsetup-20050111/po/de.po cryptsetup-luks-1.0/po/de.po
--- cryptsetup-20050111/po/de.po	2005-02-09 18:38:53.000000000 +0100
+++ cryptsetup-luks-1.0/po/de.po	2005-04-02 23:28:45.000000000 +0200
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: cryptsetup 0.2\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-02-09 18:38+0100\n"
+"POT-Creation-Date: 2005-03-25 15:50+0100\n"
 "PO-Revision-Date: 2004-03-02 14:47+0100\n"
 "Last-Translator: Christophe Saout <christophe at saout.de>\n"
 "Language-Team: German <de at li.org>\n"
@@ -15,33 +15,88 @@ msgstr ""
 "Content-Type: text/plain; charset=3DISO-8859-15\n"
 "Content-Transfer-Encoding: 8bit\n"
=20
-#: src/cryptsetup.c:39
+#: src/cryptsetup.c:49
+#, fuzzy
+msgid "<name> <device>"
+msgstr "Ger=E4t erstellen"
+
+#: src/cryptsetup.c:49
 msgid "create device"
 msgstr "Ger=E4t erstellen"
=20
-#: src/cryptsetup.c:40
+#: src/cryptsetup.c:50 src/cryptsetup.c:51 src/cryptsetup.c:52
+#: src/cryptsetup.c:53 src/cryptsetup.c:60
+msgid "<name>"
+msgstr ""
+
+#: src/cryptsetup.c:50
 msgid "remove device"
 msgstr "Ger=E4t entfernen"
=20
-#: src/cryptsetup.c:41
+#: src/cryptsetup.c:51
 msgid "modify active device"
 msgstr "aktives Ger=E4t ver=E4ndern"
=20
-#: src/cryptsetup.c:42
+#: src/cryptsetup.c:52
 msgid "resize active device"
 msgstr "Gr=F6=DFe eines aktiven Ger=E4tes ver=E4ndern"
=20
-#: src/cryptsetup.c:43
+#: src/cryptsetup.c:53
 msgid "show device status"
 msgstr "Zustand des Ger=E4tes anzeigen"
=20
+#: src/cryptsetup.c:54 src/cryptsetup.c:57
+msgid "<device> [<new key file>]"
+msgstr ""
+
+#: src/cryptsetup.c:54
+#, fuzzy
+msgid "formats a LUKS device"
+msgstr "Ger=E4t entfernen"
+
+#: src/cryptsetup.c:55
+msgid "<device> <name> "
+msgstr ""
+
+#: src/cryptsetup.c:55
+#, fuzzy
+msgid "open LUKS device as mapping <name>"
+msgstr "Ger=E4t entfernen"
+
+#: src/cryptsetup.c:56
+msgid "<device> <key slot>"
+msgstr ""
+
+#: src/cryptsetup.c:56
+msgid "wipes key with number <key slot> from LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:57 src/cryptsetup.c:59
+msgid "add key to LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:58 src/cryptsetup.c:59 src/cryptsetup.c:61
+msgid "<device>"
+msgstr ""
+
+#: src/cryptsetup.c:58
+#, fuzzy
+msgid "print UUID of LUKS device"
+msgstr "Ger=E4t entfernen"
+
 #: src/cryptsetup.c:60
-#, c-format
+msgid "remove LUKS mapping"
+msgstr ""
+
+#: src/cryptsetup.c:61
+msgid "dump LUKS partition information"
+msgstr ""
+
+#: src/cryptsetup.c:78
 msgid "Command failed"
 msgstr "Befehl fehlgeschlagen"
=20
-#: src/cryptsetup.c:177
-#, c-format
+#: src/cryptsetup.c:301
 msgid ""
 "\n"
 "<action> is one of:\n"
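Review bot: the fuzzy entries added in this hunk carry msgmerge guesses that say the opposite of the msgid. "formats a LUKS device", "open LUKS device as mapping <name>" and "print UUID of LUKS device" all get "Gerät entfernen" (remove device), and "<name> <device>" gets "Gerät erstellen" (create device). msgfmt skips fuzzy entries by default, so they do not ship, but anyone who clears the flag without reading, or builds with --use-fuzzy, presents luksFormat to German users as removing the device. Empty these msgstr values or translate them properly before merging.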
@@ -49,99 +104,119 @@ msgstr ""
 "\n"
 "<Aktion> ist eine von:\n"
=20
-#: src/cryptsetup.c:185
+#: src/cryptsetup.c:308
 #, c-format
 msgid ""
+"\n"
 "<name> is the device to create under %s\n"
 "<device> is the encrypted device\n"
+"<key slot> is the LUKS key slot number to modify\n"
+"<key file> optional key file for the new key for luksAddKey action\n"
 msgstr ""
-"<Name> ist der Name des unter %s zu erstellenden Ger=E4tes\n"
-"<Ger=E4t> ist das verschl=FCsselte Ger=E4t\n"
=20
-#: src/cryptsetup.c:198
+#: src/cryptsetup.c:324
 msgid "Show this help message"
 msgstr "Diese Hilfemeldung anzeigen"
=20
-#: src/cryptsetup.c:199
+#: src/cryptsetup.c:325
 msgid "Display brief usage"
 msgstr "Kurze Verwendungsbeschreibung anzeigen"
=20
-#: src/cryptsetup.c:203
+#: src/cryptsetup.c:329
 msgid "Help options:"
 msgstr "Hilfe-Optionen:"
=20
-#: src/cryptsetup.c:204
+#: src/cryptsetup.c:330
 #, fuzzy
 msgid "Shows more detailed error messages"
 msgstr "Diese Hilfemeldung anzeigen"
=20
-#: src/cryptsetup.c:205
+#: src/cryptsetup.c:331
 msgid "The cipher used to encrypt the disk (see /proc/crypto)"
 msgstr "Der f=FCr die Verschl=FCsselung zu verwendende Cipher (siehe /proc=
/crypto)"
=20
-#: src/cryptsetup.c:206
+#: src/cryptsetup.c:332
 msgid "The hash used to create the encryption key from the passphrase"
 msgstr ""
 "Der f=FCr die Erzeugung des Schl=FCssels aus der Phassphrase zu verwenden=
de Hash"
=20
-#: src/cryptsetup.c:207
+#: src/cryptsetup.c:333
 msgid "Verifies the passphrase by asking for it twice"
 msgstr "=DCberpr=FCft das Pa=DFwort durch eine Sicherheitsabfrage"
=20
-#: src/cryptsetup.c:208
+#: src/cryptsetup.c:334
 msgid "Read the key from a file (can be /dev/random)"
 msgstr "Liest den Schl=FCssel aus einer Datei (kann /dev/random sein)"
=20
-#: src/cryptsetup.c:209
+#: src/cryptsetup.c:335
 msgid "The size of the encryption key"
 msgstr "Die Gr=F6=DFe des Schl=FCssels"
=20
-#: src/cryptsetup.c:209
+#: src/cryptsetup.c:335
 msgid "BITS"
 msgstr "BITS"
=20
-#: src/cryptsetup.c:210
+#: src/cryptsetup.c:336
 msgid "The size of the device"
 msgstr "Die Gr=F6=DFe des Ger=E4tes"
=20
-#: src/cryptsetup.c:210 src/cryptsetup.c:211 src/cryptsetup.c:212
+#: src/cryptsetup.c:336 src/cryptsetup.c:337 src/cryptsetup.c:338
 msgid "SECTORS"
 msgstr "SEKTOREN"
=20
-#: src/cryptsetup.c:211
+#: src/cryptsetup.c:337
 msgid "The start offset in the backend device"
 msgstr "Der Start-Offset im Backend-Ger=E4t"
=20
-#: src/cryptsetup.c:212
+#: src/cryptsetup.c:338
 msgid "How many sectors of the encrypted data to skip at the beginning"
 msgstr ""
 "Wieviele Sektoren der verschl=FCsselten Daten am Beginn =FCbersprungen we=
rden "
 "sollen"
=20
-#: src/cryptsetup.c:213
+#: src/cryptsetup.c:339
 msgid "Create a readonly mapping"
 msgstr ""
=20
-#: src/cryptsetup.c:228
-msgid "[OPTION...] <action> <name> [<device>]"
+#: src/cryptsetup.c:340
+msgid "PBKDF2 iteration time for LUKS (in ms)"
+msgstr ""
+
+#: src/cryptsetup.c:341
+msgid "msecs"
+msgstr ""
+
+#: src/cryptsetup.c:357
+#, fuzzy
+msgid "[OPTION...] <action> <action-specific>]"
 msgstr "[OPTION...] <Aktion> <Name> [<Ger=E4t>]"
=20
-#: src/cryptsetup.c:259
+#: src/cryptsetup.c:389
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Schl=FCsselgr=F6=DFe mu=DF ein Vielfaches von 8 Bit sein"
+
+#: src/cryptsetup.c:393
 msgid "Argument <action> missing."
 msgstr "Argument <Aktion> fehlt."
=20
-#: src/cryptsetup.c:265
+#: src/cryptsetup.c:399
 msgid "Unknown action."
 msgstr "Unbekannte Aktion."
=20
-#: src/cryptsetup.c:269
-msgid "Argument <name> missing."
-msgstr "Argument <Name> fehlt."
-
-#: src/cryptsetup.c:274
-msgid "Argument <device> missing."
-msgstr "Argument <Ger=E4t> fehlt."
+#: src/cryptsetup.c:414
+#, c-format
+msgid "%s: requires %s as arguments"
+msgstr ""
=20
-#: src/cryptsetup.c:279
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Schl=FCsselgr=F6=DFe mu=DF ein Vielfaches von 8 Bit sein"
+#~ msgid ""
+#~ "<name> is the device to create under %s\n"
+#~ "<device> is the encrypted device\n"
+#~ msgstr ""
+#~ "<Name> ist der Name des unter %s zu erstellenden Ger=E4tes\n"
+#~ "<Ger=E4t> ist das verschl=FCsselte Ger=E4t\n"
+
+#~ msgid "Argument <name> missing."
+#~ msgstr "Argument <Name> fehlt."
+
+#~ msgid "Argument <device> missing."
+#~ msgstr "Argument <Ger=E4t> fehlt."
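Review bot: The entry for src/cryptsetup.c:357 is marked fuzzy but still carries the old "<Aktion> <Name>" usage translation, which no longer matches the new msgid. Because it is fuzzy, gettext will not use it, so either retranslate it or clear the msgstr. The new msgids at src/cryptsetup.c:340, 341 and 414 have empty msgstr, so the iteration-time option and the new argument-count error will appear in English in the German locale. Those translations should be supplied with this change or flagged for the translator.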
diff -Naurp cryptsetup-20050111/src/cryptsetup.c cryptsetup-luks-1.0/src/cr=
yptsetup.c
--- cryptsetup-20050111/src/cryptsetup.c	2004-06-03 16:33:44.000000000 +0200
+++ cryptsetup-luks-1.0/src/cryptsetup.c	2005-04-02 23:28:45.000000000 +0200
@@ -4,6 +4,7 @@
 #include <stdint.h>
 #include <inttypes.h>
 #include <errno.h>
+#include <assert.h>
=20
 #include <libcryptsetup.h>
 #include <popt.h>
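Review bot: assert.h is added here, but no assert() call appears in any hunk of this file, while the new action_luksFormat() calls isatty() and getline() and action_luksDelKey() calls atoi(). Drop the include or say what it guards, and confirm that unistd.h and stdlib.h are included (with _GNU_SOURCE defined for getline() on older glibc) so the new calls are not implicit declarations.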
@@ -15,32 +16,49 @@ static char *opt_cipher =3D DEFAULT_CIPHER
 static char *opt_hash =3D DEFAULT_HASH;
 static int opt_verify_passphrase =3D 0;
 static char *opt_key_file =3D NULL;
-static unsigned int opt_key_size =3D DEFAULT_KEY_SIZE;
+static unsigned int opt_key_size =3D 0;
 static uint64_t opt_size =3D 0;
 static uint64_t opt_offset =3D 0;
 static uint64_t opt_skip =3D 0;
 static int opt_readonly =3D 0;
+static int opt_iteration_time =3D 1000;
=20
-static char *dm_name;
-static char *device;
+static const char **action_argv;
+static int action_argc;
=20
 static void action_create(int arg);
 static void action_remove(int arg);
 static void action_resize(int arg);
 static void action_status(int arg);
+static void action_luksFormat(int arg);
+static void action_luksOpen(int arg);
+static void action_luksDelKey(int arg);
+static void action_luksAddKey(int arg);
+static void action_isLuks(int arg);
+static void action_luksUUID(int arg);
+static void action_luksDump(int arg);
=20
 static struct action_type {
 	const char *type;
 	void (*handler)(int);
 	int arg;
-	int require_device;
+	int required_action_argc;
+	const char *arg_desc;
 	const char *desc;
 } action_types[] =3D {
-	{ "create",	action_create, 0, 1, N_("create device") },
-	{ "remove",	action_remove, 0, 0, N_("remove device") },
-	{ "reload",	action_create, 1, 1, N_("modify active device") },
-	{ "resize",	action_resize, 0, 0, N_("resize active device") },
-	{ "status",	action_status, 0, 0, N_("show device status") },
+	{ "create",	action_create, 0, 2, N_("<name> <device>"), N_("create device=
") },
+	{ "remove",	action_remove, 0, 1, N_("<name>"), N_("remove device") },
+	{ "reload",	action_create, 1, 2, N_("<name>"), N_("modify active device")=
 },
+	{ "resize",	action_resize, 0, 1, N_("<name>"), N_("resize active device")=
 },
+	{ "status",	action_status, 0, 1, N_("<name>"), N_("show device status") },
+	{ "luksFormat",	action_luksFormat, 0, 1, N_("<device> [<new key file>]"),=
 N_("formats a LUKS device") },
+	{ "luksOpen",	action_luksOpen, 0, 2, N_("<device> <name> "), N_("open LUK=
S device as mapping <name>") },
+	{ "luksDelKey",	action_luksDelKey, 0, 2, N_("<device> <key slot>"), N_("w=
ipes key with number <key slot> from LUKS device") },
+	{ "luksAddKey",	action_luksAddKey, 0, 1, N_("<device> [<new key file>]"),=
 N_("add key to LUKS device") },
+	{ "luksUUID",	action_luksUUID, 0, 1, N_("<device>"), N_("print UUID of LU=
KS device") },
+	{ "isLuks",	action_isLuks, 0, 1, N_("<device>"), N_("add key to LUKS devi=
ce") },
+	{ "luksClose",	action_remove, 0, 1, N_("<name>"), N_("remove LUKS mapping=
") },
+	{ "luksDump",	action_luksDump, 0, 1, N_("<device>"), N_("dump LUKS partit=
ion information") },
 	{ NULL, NULL, 0, 0, NULL }
 };
=20
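Review bot: The "isLuks" row reuses the description "add key to LUKS device" from luksAddKey, so the help output will mislabel it; it needs its own text saying that it tests whether <device> is a LUKS device. In the same table, "reload" sets required_action_argc to 2 but its arg_desc is only "<name>", so the error "reload: requires <name> as arguments" will be shown to a user who did pass a name. The terminator row still has five initializers for a struct that now has six members. That is valid C, but an explicit sixth NULL would keep the table readable.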
@@ -69,12 +87,12 @@ static void show_error(int errcode)
 static void action_create(int reload)
 {
 	struct crypt_options options =3D {
-		.name =3D dm_name,
-		.device =3D device,
+		.name =3D action_argv[0],
+		.device =3D action_argv[1],
 		.cipher =3D opt_cipher,
 		.hash =3D opt_hash,
 		.key_file =3D opt_key_file,
-		.key_size =3D opt_key_size / 8,
+		.key_size =3D ((opt_key_size)?opt_key_size:DEFAULT_KEY_SIZE)/8,
 		.passphrase_fd =3D 0,	/* stdin */
 		.flags =3D 0,
 		.size =3D opt_size,
@@ -83,10 +101,8 @@ static void action_create(int reload)
 	};
 	int r;
=20
-	if (options.hash && strcmp(options.hash, "plain") =3D=3D 0)
+	if (options.hash && strcmp(options.hash, "plain") =3D=3D 0 || options.key=
_file)
 		options.hash =3D NULL;
-	if (!options.key_file)
-		options.flags |=3D CRYPT_FLAG_PASSPHRASE;
 	if (opt_verify_passphrase)
 		options.flags |=3D CRYPT_FLAG_VERIFY;
 	if (opt_readonly)
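Review bot: The new condition mixes && and || without parentheses; it parses as (hash && strcmp(...) == 0) || key_file, which is probably intended, but it should be parenthesized so the intent is explicit and compilers do not warn. More importantly, the hash is now forced to NULL whenever a key file is given, so --hash is silently ignored in that case. If the library previously hashed key-file contents, mappings created with the old version will derive a different key after this change. That needs a note in the changelog and man page, or a warning when both options are passed. The removal of CRYPT_FLAG_PASSPHRASE is also unexplained; please say in the commit message where that decision now lives.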
@@ -103,7 +119,7 @@ static void action_create(int reload)
 static void action_remove(int arg)
 {
 	struct crypt_options options =3D {
-		.name =3D dm_name,
+		.name =3D action_argv[0],
 	};
 	int r;
=20
@@ -115,7 +131,7 @@ static void action_remove(int arg)
 static void action_resize(int arg)
 {
 	struct crypt_options options =3D {
-		.name =3D dm_name,
+		.name =3D action_argv[0],
 		.size =3D opt_size,
 	};
 	int r;
@@ -128,7 +144,7 @@ static void action_resize(int arg)
 static void action_status(int arg)
 {
 	struct crypt_options options =3D {
-		.name =3D dm_name,
+		.name =3D action_argv[0],
 	};
 	int r;
=20
@@ -156,6 +172,114 @@ static void action_status(int arg)
 	crypt_put_options(&options);
 }
=20
+static void action_luksFormat(int arg)
+{
+	struct crypt_options options =3D {
+		.key_size =3D ((opt_key_size)?opt_key_size:DEFAULT_LUKS_KEY_SIZE)/8,
+		.device =3D action_argv[0],
+		.cipher =3D opt_cipher,
+		.new_key_file =3D action_argc>1?action_argv[1]:NULL,
+		.flags =3D opt_verify_passphrase?CRYPT_FLAG_VERIFY:0,
+		.iteration_time =3D opt_iteration_time,
+	};
+	int r;=20
+
+	if(isatty(0)) {
+		char *answer=3DNULL;
+		int size=3D0;
+		fprintf(stderr,"\nWARNING!\n=3D=3D=3D=3D=3D=3D=3D=3D\n");
+		fprintf(stderr,"This will overwrite data on %s irrevocably.\n\nAre you s=
ure? (Type uppercase yes): ",options.device);
+		getline(&answer,&size,stdin);
+		if(strcmp(answer,"YES\n")) {
+			free(answer);
+			return;
+		}
+		free(answer);
+	}
+
+	r =3D crypt_luksFormat(&options);
+	if (r < 0)
+		show_error(-r);
+}
+
+static void action_luksOpen(int arg)
+{
+	struct crypt_options options =3D {
+		.name =3D action_argv[1],
+		.device =3D action_argv[0],
+		.key_file =3D opt_key_file,
+	};
+	int r;=20
+
+	opt_verbose =3D 1;
+	r =3D crypt_luksOpen(&options);
+	if (r < 0)
+		show_error(-r);
+}
+
+static void action_luksDelKey(int arg)
+{
+	struct crypt_options options =3D {
+		.device =3D action_argv[0],
+		.key_slot =3D atoi(action_argv[1]),
+	};
+	int r;=20
+
+	r =3D crypt_luksDelKey(&options);
+	if (r < 0)
+		show_error(-r);
+
+}
+
+static void action_luksAddKey(int arg)
+{
+	struct crypt_options options =3D {
+		.device =3D action_argv[0],
+		.key_file =3D opt_key_file,
+		.new_key_file =3D action_argc>1?action_argv[1]:NULL,
+		.key_file =3D opt_key_file,
+		.flags =3D opt_verify_passphrase?CRYPT_FLAG_VERIFY:0,
+		.iteration_time =3D opt_iteration_time,
+	};
+	int r;=20
+
+	r =3D crypt_luksAddKey(&options);
+	if (r < 0)
+		show_error(-r);
+}
+
+static void action_isLuks(int arg)
+{
+	struct crypt_options options =3D {
+		.device =3D action_argv[0],
+	};
+	exit(crypt_isLuks(&options));
+}
+
+static void action_luksUUID(int arg)
+{
+	struct crypt_options options =3D {
+		.device =3D action_argv[0],
+	};
+	int r;=20
+
+	r =3D crypt_luksUUID(&options);
+	if (r < 0)
+		show_error(-r);
+}
+
+static void action_luksDump(int arg)
+{
+	struct crypt_options options =3D {
+		.device =3D action_argv[0],
+	};
+	int r;=20
+
+	r =3D crypt_luksDump(&options);
+	if (r < 0)
+		show_error(-r);
+}
+
 static void usage(poptContext popt_context, int exitcode,
                   const char *error, const char *more)
 {
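Review bot: In action_luksFormat(), size is declared as int but getline() takes a size_t *, so on a 64-bit build getline() writes past the variable; declare it as size_t. The return value of getline() is also unchecked, so on EOF or allocation failure answer can be NULL or stale when it reaches strcmp(). In action_luksDelKey(), atoi(action_argv[1]) turns any non-numeric argument into 0, which means a typo wipes key slot 0 with no confirmation prompt; parse with strtol(), check the end pointer and the range, and consider the same "YES" prompt used for luksFormat. In action_luksAddKey() the .key_file initializer appears twice. action_isLuks() passes the library return value straight to exit(), so a negative error code will be truncated to an arbitrary exit status.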
@@ -178,12 +302,14 @@ static void help(poptContext popt_contex
 			"<action> is one of:\n"));
=20
 		for(action =3D action_types; action->type; action++)
-			fprintf(stdout, "\t%s - %s\n", action->type,
+			fprintf(stdout, "\t%s %s - %s\n", action->type, gettext(action->arg_des=
c),
 			        gettext(action->desc));
 	=09
-		fprintf(stdout, _(
+		fprintf(stdout, _("\n"
 			"<name> is the device to create under %s\n"
-			"<device> is the encrypted device\n"),
+			"<device> is the encrypted device\n"
+			"<key slot> is the LUKS key slot number to modify\n"
+			"<key file> optional key file for the new key for luksAddKey action\n"),
 			crypt_get_dir());
 		exit(0);
 	} else
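Review bot: The help text explains "<key file>" and ties it to luksAddKey only, but the action table names the argument "<new key file>" and luksFormat accepts it as well. Use the same placeholder in both places and mention both actions, otherwise the legend describes an argument that never appears in the action list printed just above it.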
@@ -211,12 +337,15 @@ int main(int argc, char **argv)
 		{ "offset",            'o',  POPT_ARG_STRING,                           =
  &popt_tmp,              2, N_("The start offset in the backend device"), =
                         N_("SECTORS") },
 		{ "skip",              'p',  POPT_ARG_STRING,                           =
  &popt_tmp,              3, N_("How many sectors of the encrypted data to =
skip at the beginning"), N_("SECTORS") },
 		{ "readonly",          'r',  POPT_ARG_NONE,                             =
  &opt_readonly,          0, N_("Create a readonly mapping"),              =
                         NULL },
+		{ "iter-time",         'i',  POPT_ARG_INT,                              =
  &opt_iteration_time,        0, N_("PBKDF2 iteration time for LUKS (in ms)=
"),
+		  N_("msecs") },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;
 	struct action_type *action;
 	char *aname;
 	int r;
+	const char *null_action_argv[] =3D {NULL};
=20
 	setlocale(LC_ALL, "");
 	bindtextdomain(GETTEXT_PACKAGE, LOCALEDIR);
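Review bot: The new --iter-time option is stored in a signed int via POPT_ARG_INT and nothing in the visible code range-checks it, so 0 or a negative value is passed unchanged as .iteration_time to crypt_luksFormat() and crypt_luksAddKey(). Since this value controls the PBKDF2 work factor, main() should reject values below a sane minimum with usage() before dispatching the action.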
@@ -225,7 +354,7 @@ int main(int argc, char **argv)
 	popt_context =3D poptGetContext(PACKAGE, argc, (const char **)argv,
 	                              popt_options, 0);
 	poptSetOtherOptionHelp(popt_context,
-	                       N_("[OPTION...] <action> <name> [<device>]"));
+	                       N_("[OPTION...] <action> <action-specific>]"));
=20
 	while((r =3D poptGetNextOpt(popt_context)) > 0) {
 		unsigned long long ull_value;
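Review bot: The new usage string "[OPTION...] <action> <action-specific>]" has a closing bracket with no opening one. Decide whether the action-specific arguments are optional and write either "<action-specific>" or "[<action-specific>]"; the same string is the msgid in the po files, so fixing it later invalidates translations again.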
@@ -255,6 +384,11 @@ int main(int argc, char **argv)
 		usage(popt_context, 1, poptStrerror(r),
 		      poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
=20
+	if (opt_key_size % 8)
+		usage(popt_context, 1,
+		      _("Key size must be a multiple of 8 bits"),
+		      poptGetInvocationName(popt_context));
+=09
 	if (!(aname =3D (char *)poptGetArg(popt_context)))
 		usage(popt_context, 1, _("Argument <action> missing."),
 		      poptGetInvocationName(popt_context));
@@ -265,20 +399,22 @@ int main(int argc, char **argv)
 		usage(popt_context, 1, _("Unknown action."),
 		      poptGetInvocationName(popt_context));
=20
-	if (!(dm_name =3D (char *)poptGetArg(popt_context)))
-		usage(popt_context, 1, _("Argument <name> missing."),
-		      poptGetInvocationName(popt_context));
-
-	device =3D (char *)poptGetArg(popt_context);
-	if (!device && action->require_device)
-		usage(popt_context, 1, _("Argument <device> missing."),
+	action_argc =3D 0;
+	action_argv =3D poptGetArgs(popt_context);
+	/* Make return values of poptGetArgs more consistent in case of remaining=
 argc =3D 0 */
+	if(!action_argv)=20
+		action_argv =3D null_action_argv;
+=09
+	/* Count args, somewhat unnice, change? */
+	while(action_argv[action_argc] !=3D NULL)
+		action_argc++;
+
+	if(action_argc < action->required_action_argc) {
+		char buf[128];
+		snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, actio=
n->arg_desc);
+		usage(popt_context, 1, buf,
 		      poptGetInvocationName(popt_context));
-
-	if (opt_key_size % 8)
-		usage(popt_context, 1,
-		      _("Key size must be a multiple of 8 bits"),
-		      poptGetInvocationName(popt_context));
-
+	}=09
 	action->handler(action->arg);
=20
 	return 0;
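Review bot: The argument check only enforces a lower bound, so extra positional arguments are silently ignored for every action, including destructive ones such as luksDelKey; actions with a fixed argument list should reject surplus arguments too. In the snprintf() call, action->arg_desc is inserted without gettext(), unlike in help(), so the translated error message will contain the untranslated placeholder text. Use sizeof(buf) instead of repeating the literal 128, and either resolve or drop the "somewhat unnice, change?" comment before merging.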
diff -Naurp cryptsetup-20050111/src/cryptsetup.h cryptsetup-luks-1.0/src/cr=
yptsetup.h
--- cryptsetup-20050111/src/cryptsetup.h	2004-03-04 21:06:15.000000000 +0100
+++ cryptsetup-luks-1.0/src/cryptsetup.h	2005-04-02 23:28:45.000000000 +0200
@@ -29,5 +29,6 @@
 #define DEFAULT_CIPHER		"aes"
 #define DEFAULT_HASH		"ripemd160"
 #define DEFAULT_KEY_SIZE	256
+#define DEFAULT_LUKS_KEY_SIZE	128
=20
 #endif /* CRYPTSETUP_H */
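Review bot: DEFAULT_LUKS_KEY_SIZE is 128 while DEFAULT_KEY_SIZE for plain mappings stays at 256, and nothing in the header or the patch explains why the LUKS default is the smaller one. Add a comment giving the rationale, or use the same default for both, and make sure the man page states the LUKS default so users who want 256-bit keys know to pass the key size option.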
diff -Naurp cryptsetup-20050111/src/Makefile.am cryptsetup-luks-1.0/src/Mak=
efile.am
--- cryptsetup-20050111/src/Makefile.am	2004-03-09 16:03:01.000000000 +0100
+++ cryptsetup-luks-1.0/src/Makefile.am	2005-04-02 23:08:13.000000000 +0200
@@ -1,5 +1,3 @@
-sbin_PROGRAMS=3Dcryptsetup
-
 INCLUDES =3D \
 	-I$(top_srcdir)				\
 	-I$(top_srcdir)/lib			\
@@ -18,3 +16,12 @@ cryptsetup_SOURCES =3D \
 cryptsetup_LDADD =3D \
 	@POPT_LIBS@				\
 	$(top_srcdir)/lib/libcryptsetup.la
+
+if STATIC_CRYPTSETUP
+_STATIC_FLAGS =3D -all-static
+endif
+
+cryptsetup_LDFLAGS =3D \
+	$(_STATIC_FLAGS)=20
+
+sbin_PROGRAMS=3Dcryptsetup
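Review bot: _STATIC_FLAGS is only assigned inside the STATIC_CRYPTSETUP conditional and is referenced unconditionally in cryptsetup_LDFLAGS; that works because an unset make variable expands to nothing, but the conditional itself must be declared with AM_CONDITIONAL in the configure script, which should be confirmed in the same patch. A short comment saying that the static build is meant for early-boot use, if that is the reason, would help, as would a note on why sbin_PROGRAMS had to move to the end of the file.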

--J/dobhs11T7y2rNN--

--eAbsdosE1cNLO4uF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline


--eAbsdosE1cNLO4uF--

---------------------------------------
Received: (at 305366-done) by bugs.debian.org; 22 Jan 2006 16:13:48 +0000
>From jonas at freesources.org Sun Jan 22 08:13:48 2006
Return-path: <jonas at freesources.org>
Received: from ns1.kidns.de ([62.75.128.97] helo=diana50.kidns.de)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1F0hqe-0007W6-8M
	for 305366-done at bugs.debian.org; Sun, 22 Jan 2006 08:13:48 -0800
Received: from dslb-084-058-144-129.pools.arcor-ip.net ([84.58.144.129] helo=resivo.wgnet.de)
	by diana50.kidns.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1F0hqW-0004gj-DJ
	for 305366-done at bugs.debian.org; Sun, 22 Jan 2006 17:13:40 +0100
Received: from jonas by resivo.wgnet.de with local (Exim 4.60)
	(envelope-from <jonas at freesources.org>)
	id 1F0hqb-0002Fh-97
	for 305366-done at bugs.debian.org; Sun, 22 Jan 2006 17:13:46 +0100
Date: Sun, 22 Jan 2006 17:13:39 +0100
From: Jonas Meurer <jonas at freesources.org>
To: 305366-done at bugs.debian.org
Message-ID: <20060122161339.GB11186 at freesources.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.11
X-SA-Exim-Connect-IP: 84.58.144.129
X-SA-Exim-Mail-From: jonas at freesources.org
Subject: cryptsetup 2:1.0.1-11 with luks support uploaded to debian
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on diana50.kidns.de)
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

hello,

i just uploaded cryptsetup 2:1.0.1-11 with integrated luks support to
debian.

...
 jonas


