linux-ntfs-cvs — List for CVS checkins and comments.

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.14,1.15

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27418

Modified Files:
	decrypt.c 
Log Message:
Fixes to last cleanup.


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- decrypt.c	27 Jul 2005 15:55:42 -0000	1.14
+++ decrypt.c	27 Jul 2005 18:17:31 -0000	1.15
@@ -161,7 +161,8 @@ ntfs_decrypt_user_key_session *ntfs_decr
 		return NULL;
 	}
 	if (!(hSystemStore = fnCertOpenStore(((LPCSTR)CERT_STORE_PROV_SYSTEM),
-			0, NULL, CERT_SYSTEM_STORE_CURRENT_USER, L"MY"))) {
+			0, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER,
+			L"MY"))) {
 		fprintf(stderr, "Could not open system store.\n");
 		errno = EINVAL;
 		return NULL;
@@ -193,6 +194,18 @@ void ntfs_decrypt_user_key_session_close
 	free(session);
 }
 
+static inline void reverse_buffer(unsigned char *buf, unsigned buf_size)
+{
+	unsigned char t;
+	unsigned i;
+
+	for (i = 0; i < buf_size / 2; i++) {
+		t = buf[i];
+		buf[i] = buf[buf_size - i - 1];
+		buf[buf_size - i - 1] = t;
+	}
+}
+
 ntfs_decrypt_user_key *ntfs_decrypt_user_key_open(
 		ntfs_decrypt_user_key_session *session __attribute__((unused)),
 		unsigned char *thumb_print, unsigned thumb_size)
@@ -220,7 +233,7 @@ ntfs_decrypt_user_key *ntfs_decrypt_user
 	hash_blob.pbData = thumb_print;
 
 	if (!(pCert = fnCertFindCertificateInStore(
-			((DECRYPT_SESSION*)session)->hSystemStore,
+			((NTFS_DECRYPT_USER_KEY_SESSION*)session)->hSystemStore,
 			(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING), 0,
 			CERT_FIND_HASH, &hash_blob, NULL))) {
 		fprintf(stderr, "Could not find cert in store.\n");
@@ -287,7 +300,8 @@ ntfs_decrypt_user_key *ntfs_decrypt_user
 		errno = EINVAL;
 		return NULL;
 	}
-	if ((key = (decrypt_key*)malloc(sizeof(NTFS_DECRYPT_USER_KEY))))
+	if ((key = (ntfs_decrypt_user_key*)malloc(
+			sizeof(NTFS_DECRYPT_USER_KEY))))
 		((NTFS_DECRYPT_USER_KEY*)key)->sexp_key = sexp_key;
 	// todo: release all
 	return key;
@@ -307,18 +321,6 @@ void ntfs_decrypt_user_key_close(ntfs_de
 	free(key);
 }
 
-static inline void reverse_buffer(unsigned char *buf, unsigned buf_size)
-{
-	unsigned char t;
-	unsigned i;
-
-	for (i = 0; i < buf_size / 2; i++) {
-		t = buf[i];
-		buf[i] = buf[buf_size - i - 1];
-		buf[buf_size - i - 1] = t;
-	}
-}
-
 /**
  * warning: decrypting into the input buffer!
  */

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs ntfsdecrypt.c,1.5,1.6 decrypt.c,1.13,1.14 decrypt.h,1.3,1.4

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29728

Modified Files:
	ntfsdecrypt.c decrypt.c decrypt.h 
Log Message:
First pass at massive cleanup of ntfsdectypt/decrypt.


Index: ntfsdecrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsdecrypt.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- ntfsdecrypt.c	27 Jul 2005 10:48:46 -0000	1.5
+++ ntfsdecrypt.c	27 Jul 2005 15:55:42 -0000	1.6
@@ -210,13 +210,14 @@ static int parse_options(int argc, char 
 /**
  * cat
  */
-static int cat_decrypt(ntfs_inode *inode, decrypt_key *fek)
+static int cat_decrypt(ntfs_inode *inode, ntfs_decrypt_data_key *fek)
 {
 	int bufsize = 512;
 	char *buffer;
 	ntfs_attr *attr;
 	s64 bytes_read, written, offset, total;
-	unsigned int i;
+	s64 old_data_size, old_initialized_size;
+	unsigned i;
 
 	buffer = malloc(bufsize);
 	if (!buffer)
@@ -233,6 +234,8 @@ static int cat_decrypt(ntfs_inode *inode
 	// clear the encrypted bit, otherwise the library won't allow reading.
 	NAttrClearEncrypted(attr);
 	// extend the size, we may need to read past the end of the stream.
+	old_data_size = attr->data_size;
+	old_initialized_size = attr->initialized_size;
 	attr->data_size = attr->initialized_size = attr->allocated_size;
 
 	offset = 0;
@@ -244,8 +247,8 @@ static int cat_decrypt(ntfs_inode *inode
 		}
 		if (!bytes_read)
 			break;
-		if ((i = decrypt_decrypt_sector(fek, buffer, offset)) <
-				bytes_read) {
+		if ((i = ntfs_decrypt_data_key_decrypt_sector(fek, buffer,
+				offset)) < bytes_read) {
 			perror("ERROR: Couldn't decrypt all data!");
 			Eprintf("%u/%lld/%lld/%lld\n", i, (long long)bytes_read,
 					(long long)offset, (long long)total);
@@ -261,6 +264,9 @@ static int cat_decrypt(ntfs_inode *inode
 		offset += bytes_read;
 		total -= bytes_read;
 	}
+	attr->data_size = old_data_size;
+	attr->initialized_size = old_initialized_size;
+	NAttrSetEncrypted(attr);
 	ntfs_attr_close(attr);
 	free(buffer);
 	return 0;
@@ -269,41 +275,44 @@ static int cat_decrypt(ntfs_inode *inode
 /**
  * get_fek
  */
-static decrypt_key *get_fek(ntfs_inode * inode)
+static ntfs_decrypt_data_key *get_fek(ntfs_inode *inode)
 {
 	ntfs_attr *na;
-	char *efs_buffer, *ddf, *certificate, *hash_data, *fek_buf;
+	unsigned char *efs_buffer, *ddf, *certificate, *hash_data, *fek_buf;
 	u32 ddf_count, hash_size, fek_size;
-	unsigned int i;
-	decrypt_session *session;
-	decrypt_key *key;
+	unsigned i;
+	ntfs_decrypt_user_key_session *session;
+	ntfs_decrypt_user_key *key;
 
-	/* obtain the $EFS contents */
+	/* Obtain the $EFS contents. */
 	na = ntfs_attr_open(inode, AT_LOGGED_UTILITY_STREAM,
 			EFS, EFS_name_length);
 	if (!na) {
-		perror("Error");
+		perror("Failed to open $EFS attribute");
 		return NULL;
 	}
 	efs_buffer = malloc(na->data_size);
 	if (!efs_buffer) {
-		perror("malloc failed");
+		perror("Failed to allocate internal buffer");
+		ntfs_attr_close(na);
 		return NULL;
 	}
 	if (ntfs_attr_pread(na, 0, na->data_size, efs_buffer) !=
 			na->data_size) {
-		perror("ntfs_attr_pread failed");
+		perror("Failed to read $EFS attribute");
 		free(efs_buffer);
+		ntfs_attr_close(na);
 		return NULL;
 	}
 	ntfs_attr_close(na);
 
 	/* Init the CryptoAPI. */
-	if (!(session = decrypt_open())) {
-		perror("Could not init the cryptoAPI.");
+	if (!(session = ntfs_decrypt_user_key_session_open())) {
+		perror("Failed to initialize the cryptoAPI");
+		free(efs_buffer);
 		return NULL;
 	}
-	/* Iterate through the DDFs & DRFs until you obtain a key. */
+	/* Iterate through the DDFs & DRFs until we obtain a key. */
 	ddf = efs_buffer + le32_to_cpu(*(u32*)(efs_buffer + 0x40));
 	ddf_count = le32_to_cpu(*(u32*)ddf);
 
@@ -315,32 +324,32 @@ static decrypt_key *get_fek(ntfs_inode *
 					le32_to_cpu(*(u32*)(ddf + 0x18)));
 		else
 			certificate = (ddf + 0x30);
-
-		hash_size = (unsigned int)le32_to_cpu(*(u32*)certificate);
-		hash_data = certificate + (unsigned int)
+		hash_size = (unsigned)le32_to_cpu(*(u32*)certificate);
+		hash_data = certificate + (unsigned)
 				le32_to_cpu(*(u32*)(certificate + 0x04));
-		fek_size = (unsigned int)le32_to_cpu(*(u32*)(ddf + 0x08));
-		fek_buf = ddf + (unsigned int)le32_to_cpu(*(u32*)(ddf + 0x0c));
-
-		if ((key = decrypt_user_key_open(session, hash_size,
-				hash_data))) {
-			if ((fek_size = decrypt_decrypt(key, fek_size,
-					fek_buf)))
-				return decrypt_make_key(session, fek_size,
-						fek_buf);
-			perror("error decrypting the FEK.");
-			decrypt_user_key_close(key);
-			decrypt_close(session);
-			errno = -1;
-			return NULL;
-			decrypt_user_key_close(key);
+		fek_size = (unsigned)le32_to_cpu(*(u32*)(ddf + 0x08));
+		fek_buf = ddf + (unsigned)le32_to_cpu(*(u32*)(ddf + 0x0c));
+		if ((key = ntfs_decrypt_user_key_open(session, hash_data,
+				hash_size))) {
+			fek_size = ntfs_decrypt_user_key_decrypt(key, fek_buf,
+					fek_size);
+			ntfs_decrypt_user_key_close(key);
+			if (fek_size) {
+				ntfs_decrypt_data_key *fek;
+
+				ntfs_decrypt_user_key_session_close(session);
+				fek = ntfs_decrypt_data_key_open(fek_buf,
+						fek_size);
+				free(efs_buffer);
+				return fek;
+			}
+			fprintf(stderr, "Failed to decrypt the FEK.\n");
 		} else
-			Eprintf("Could not open key.\n");
-
+			perror("Failed to open user key");
 		ddf = ddf + le32_to_cpu(*(u32*)(ddf + 0x08)) +
 				le32_to_cpu(*(u32*)(ddf + 0x0c));
 	}
-	decrypt_close(session);
+	ntfs_decrypt_user_key_session_close(session);
 	return NULL;
 }
 
@@ -356,7 +365,7 @@ int main(int argc, char *argv[])
 {
 	ntfs_volume *vol;
 	ntfs_inode *inode;
-	decrypt_key *fek;
+	ntfs_decrypt_data_key *fek;
 	int result = 1;
 
 	if (!parse_options(argc, argv))
@@ -381,7 +390,7 @@ int main(int argc, char *argv[])
 	fek = get_fek(inode);
 	if (fek) {
 		result = cat_decrypt(inode, fek);
-		decrypt_user_key_close(fek);
+		ntfs_decrypt_data_key_close(fek);
 	} else {
 		Eprintf("Could not obtain FEK.\n");
 		result = 1;

Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -p -r1.13 -r1.14
--- decrypt.c	27 Jul 2005 10:48:46 -0000	1.13
+++ decrypt.c	27 Jul 2005 15:55:42 -0000	1.14
@@ -68,7 +68,7 @@ static LPFN_CertFindCertificateInStore f
 static LPFN_CertFreeCertificateContext fnCertFreeCertificateContext;
 static LPFN_CertOpenStore fnCertOpenStore;
 
-/* global variable: handle to crypt32.dll */
+/* Global variable: Handle to crypt32.dll */
 static HMODULE hCrypt32 = INVALID_HANDLE_VALUE;
 
 #else /* !defined(__CYGWIN__) */
@@ -92,113 +92,28 @@ typedef struct {
 #else /* !defined(__CYGWIN__) */
 	int nothing;		/* unused */
 #endif /* !defined(__CYGWIN__) */
-} DECRYPT_SESSION;
+} NTFS_DECRYPT_USER_KEY_SESSION;
+
+typedef struct {
+	gcry_sexp_t sexp_key;	// the user's RSA key.
+} NTFS_DECRYPT_USER_KEY;
 
 typedef struct {
-	u64 desx_key[3];
 	u8 *key_data;
 	u32 alg_id;
 	gcry_cipher_hd_t gcry_cipher_hd;
-	gcry_sexp_t sexp_key;	// the user's RSA key.
-} DECRYPT_KEY;
+	gcry_cipher_hd_t *des_gcry_cipher_hd_ptr;
+} NTFS_DECRYPT_DATA_KEY;
 
 /* DESX-MS128 implementation for libgcrypt. */
-static gcry_module_t desx_module;
-static int desx_algorithm_id = -1;
+static gcry_module_t ntfs_desx_module;
+static int ntfs_desx_algorithm_id = -1;
+static int ntfs_desx_module_count;
 
-typedef struct desx_ctx {
+typedef struct {
+	u64 in_whitening, out_whitening;
 	gcry_cipher_hd_t gcry_cipher_hd;
-	u8 in_whitening[8], out_whitening[8];
-} desx_ctx;
-
-/**
- * desx_key_expand - expand a 128-bit desx key to the needed 192-bit key
- * @src:	source buffer containing 128-bit key
- * @dst:	destination buffer to write 192-bit key to
- *
- * Expands the on-disk 128-bit desx key to the needed full 192-bit desx key
- * required to perform desx {de,en}cryption.
- *
- * FIXME: Is this endianness safe?  I think so but I may be wrong...
- */
-static void desx_key_expand(const u8 *src, u8 *in_whitening, u8 *out_whitening,
-		u8 *des_key)
-{
-	static const int salt_len = 12;
-	static const u8 *salt1 = "Dan Simon  ";
-	static const u8 *salt2 = "Scott Field";
-	u8 md[16];
-	MD5_CTX ctx1, ctx2;
-
-	MD5_Init(&ctx1);
-
-	/* Hash the on-disk key. */
-	MD5_Update(&ctx1, src, 128 / 8);
-	memcpy(&ctx2, &ctx1, sizeof(ctx1));
-
-	/* Hash with the first salt and store the result. */
-	MD5_Update(&ctx1, salt1, salt_len);
-	MD5_Final(md, &ctx1);
-	((u32*)des_key)[0] = ((u32*)md)[0] ^ ((u32*)md)[1];
-	((u32*)des_key)[1] = ((u32*)md)[2] ^ ((u32*)md)[3];
-
-	/* Hash with the second salt and store the result. */
-	MD5_Update(&ctx2, salt2, salt_len);
-	MD5_Final(md, &ctx2);
-	memcpy(out_whitening, md, 8);
-	memcpy(in_whitening, md + 8, 8);
-}
-
-static gcry_err_code_t do_desx_setkey(void *context, const u8 *key,
-		unsigned keylen)
-{
-	struct desx_ctx *ctx = (desx_ctx*)context;
-	gcry_error_t err;
-	u8 des_key[8];
-
-	if (keylen != 16) {
-		fprintf(stderr, "not 16\n");
-		return GPG_ERR_INV_KEYLEN;
-	}
-	if ((err = gcry_cipher_open(&ctx->gcry_cipher_hd, GCRY_CIPHER_DES,
-			GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR)
-		return err;
-	if ((err = gcry_cipher_reset(ctx->gcry_cipher_hd)))
-		fprintf(stderr, "err is %u.\n", err);
-	desx_key_expand(key, ctx->in_whitening, ctx->out_whitening, des_key);
-#if 0
-	fprintf(stderr, "expanded keys (hex) =\n\t0x%llx (des)\n\t"
-			"0x%llx (in-whitening)\n\t"
-			"0x%llx (out-whitening)\n", *(u64*)des_key,
-			*(u64*)ctx->in_whitening, *(u64*)ctx->out_whitening);
-#endif
-	if ((err = gcry_cipher_setkey(ctx->gcry_cipher_hd, des_key, 8))) {
-		fprintf(stderr, "do_desx_setkey: error %u.\n", err);
-		// TODO: destroy gcry_cipher_hd
-	}
-	return GPG_ERR_NO_ERROR;
-}
-
-static void do_desx_decrypt(void *context, u8 *outbuf, const u8 *inbuf)
-{
-	struct desx_ctx *ctx = (desx_ctx*)context;
-	gcry_error_t err;
-	u8 buf[8];
-
-	*((u64*)buf) = *((const u64*)inbuf) ^ *(const u64*)ctx->out_whitening;
-	if ((err = gcry_cipher_encrypt(ctx->gcry_cipher_hd, outbuf, 8, buf, 8)))
-		fprintf(stderr, "desx decryption failed: %u.\n", err);
-	*((u64*)outbuf) ^= *(const u64*)ctx->in_whitening;
-}
-
-static gcry_cipher_spec_t cipher = {
-	.name = "DES-X-MS128",
-	.blocksize = 8,
-	.keylen = 128,
-	.contextsize = sizeof(struct desx_ctx),
-	.setkey = do_desx_setkey,
-	.decrypt = do_desx_decrypt,
-};
+} ntfs_desx_ctx;
 
 #ifdef __CYGWIN__
 static int cryptoAPI_init_imports(void)
@@ -225,170 +140,62 @@ static int cryptoAPI_init_imports(void)
 		fnCertOpenStore = (LPFN_CertOpenStore)GetProcAddress(hCrypt32,
 				"CertOpenStore");
 	return fnCryptAcquireCertificatePrivateKey && fnCertCloseStore &&
-		fnCertFindCertificateInStore && fnCertFreeCertificateContext &&
-		fnCertOpenStore;
+			fnCertFindCertificateInStore &&
+			fnCertFreeCertificateContext && fnCertOpenStore;
 }
 #endif /* defined(__CYGWIN__) */
 
-//#define DO_CRYPTO_TESTS 1
-
-#ifdef DO_CRYPTO_TESTS
-/* Do not remove this test code from this file! AIA */
-static BOOL desx_key_expand_test(void)
+ntfs_decrypt_user_key_session *ntfs_decrypt_user_key_session_open(void)
 {
-	const u8 known_desx_on_disk_key[16] = {
-		0xa1, 0xf9, 0xe0, 0xb2, 0x53, 0x23, 0x9e, 0x8f,
-		0x0f, 0x91, 0x45, 0xd9, 0x8e, 0x20, 0xec, 0x30
-	};
-	const u8 known_desx_expanded_key[24] = {
-		0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f,
-		0xed, 0xda, 0x4c, 0x47, 0x60, 0x49, 0xdb, 0x8d,
-		0x75, 0xf6, 0xa0, 0x1a, 0xc0, 0xca, 0x28, 0x1e
-	};
-	u8 test_desx_expanded_key[24];
-	int res;
-
-	desx_key_expand(known_desx_on_disk_key, test_desx_expanded_key);
-	res = !memcmp(test_desx_expanded_key, known_desx_expanded_key,
-			sizeof(known_desx_expanded_key));
-	fprintf(stderr, "Testing whether desx_key_expand() works: %s\n",
-			res ? "SUCCESS" : "FAILED");
-	return res;
-}
-
-static BOOL des_test(void)
-{
-	const u8 known_des_key[8] = {
-		0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f
-	};
-	const u8 known_des_encrypted_data[8] = {
-		0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f
-	};
-	const u8 known_decrypted_data[8] = {
-		0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09
-	};
-	u8 test_decrypted_data[8];
-	int res;
-	gcry_error_t gcry_error2;
-	gcry_cipher_hd_t gcry_cipher_hd;
-
-	if ((gcry_error2 = gcry_cipher_open(&gcry_cipher_hd, GCRY_CIPHER_DES,
-			GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR) {
-		fprintf(stderr, "Failed to open des cipher (gcry_error2 is "
-				"%u).\n", gcry_error2);
-		return FALSE;
-	}
-	if ((gcry_error2 = gcry_cipher_setkey(gcry_cipher_hd, known_des_key,
-			sizeof(known_des_key)))) {
-		fprintf(stderr, "Failed to set des key (gcry_error2 is %u).\n",
-				gcry_error2);
-		gcry_cipher_close(gcry_cipher_hd);
-		return FALSE;
-	}
-	memcpy(test_decrypted_data, known_des_encrypted_data,
-			sizeof(known_des_encrypted_data));
-	/*
-	 * Apply DES decyption (ntfs actually uses encryption when decrypting).
-	 */
-	gcry_error2 = gcry_cipher_encrypt(gcry_cipher_hd, test_decrypted_data,
-			sizeof(test_decrypted_data), NULL, 0);
-	gcry_cipher_close(gcry_cipher_hd);
-	if (gcry_error2) {
-		fprintf(stderr, "Failed to des decrypt test data (gcry_error2 "
-				"is %u).\n", gcry_error2);
-		return FALSE;
-	}
-	res = !memcmp(test_decrypted_data, known_decrypted_data,
-			sizeof(known_decrypted_data));
-	fprintf(stderr, "Testing whether des decryption works: %s\n",
-			res ? "SUCCESS" : "FAILED");
-	return res;
-}
-
-#else /* !defined(DO_CRYPTO_TESTS) */
-
-static inline BOOL desx_key_expand_test(void)
-{
-	return TRUE;
-}
-
-static inline BOOL des_test(void)
-{
-	return TRUE;
-}
-
-#endif /* !defined(DO_CRYPTO_TESTS) */
-
-decrypt_session *decrypt_open(void)
-{
-	decrypt_session *session;
-
-	/* TODO: refcount 'module' */
-	if (desx_algorithm_id == -1) {
-		if (!desx_key_expand_test())
-			return NULL;
-		if (!des_test())
-			return NULL;
-		if (gcry_cipher_register(&cipher, &desx_algorithm_id,
-				&desx_module))
-			return NULL;
-	}
-	//fprintf(stderr, "desx_algorithm_id: %d\n", desx_algorithm_id);
-
-	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
-
+	ntfs_decrypt_user_key_session *session;
 #ifdef __CYGWIN__
 	HCERTSTORE hSystemStore;
 
+	/*
+	 * FIXME: This really needs locking and reference counting so it is
+	 * safe from races.
+	 */
 	if (!cryptoAPI_init_imports()) {
 		fprintf(stderr, "Some imports do not exist.\n");
-		errno = -1;
+		errno = EINVAL;
 		return NULL;
 	}
-
-	if (!(hSystemStore = fnCertOpenStore(((LPCSTR) CERT_STORE_PROV_SYSTEM),
-			0, (HCRYPTPROV) NULL, CERT_SYSTEM_STORE_CURRENT_USER,
-			L"MY"))) {
+	if (!(hSystemStore = fnCertOpenStore(((LPCSTR)CERT_STORE_PROV_SYSTEM),
+			0, NULL, CERT_SYSTEM_STORE_CURRENT_USER, L"MY"))) {
 		fprintf(stderr, "Could not open system store.\n");
-		errno = -1;
+		errno = EINVAL;
 		return NULL;
 	}
 #endif /* defined(__CYGWIN__) */
-	session = (decrypt_session*)malloc(sizeof(DECRYPT_SESSION));
+	session = malloc(sizeof(NTFS_DECRYPT_USER_KEY_SESSION));
 #ifdef __CYGWIN__
-	((DECRYPT_SESSION *)session)->hSystemStore = hSystemStore;
+	((NTFS_DECRYPT_USER_KEY_SESSION*)session)->hSystemStore = hSystemStore;
 #endif /* defined(__CYGWIN__) */
 	return session;
 }
 
-void decrypt_close(decrypt_session *session)
+void ntfs_decrypt_user_key_session_close(ntfs_decrypt_user_key_session *session)
 {
 #ifdef __CYGWIN__
-	if (((DECRYPT_SESSION*)session)->hSystemStore)
-		fnCertCloseStore(((DECRYPT_SESSION*)session)->hSystemStore,
-				CERT_CLOSE_STORE_CHECK_FLAG);
-	/* fixme: racy */
-	FreeLibrary(hCrypt32);
+	HMODULE tmp;
+
+	if (((NTFS_DECRYPT_USER_KEY_SESSION*)session)->hSystemStore)
+		fnCertCloseStore(((NTFS_DECRYPT_USER_KEY_SESSION*)session)->
+				hSystemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+	/*
+	 * FIXME: This really needs locking and reference counting so it is
+	 * safe from races.
+	 */
+	tmp = hCrypt32;
 	hCrypt32 = INVALID_HANDLE_VALUE;
+	FreeLibrary(tmp);
 #endif /* defined(__CYGWIN__) */
 	free(session);
 }
 
-static inline void reverse_buffer(unsigned char *buf, unsigned int buf_size)
-{
-	unsigned char t;
-	unsigned int i;
-
-	for (i = 0; i < buf_size / 2; i++) {
-		t = buf[i];
-		buf[i] = buf[buf_size - i - 1];
-		buf[buf_size - i - 1] = t;
-	}
-}
-
-decrypt_key *decrypt_user_key_open(
-		decrypt_session *session __attribute__ ((unused)),
-		int thumb_size, void *thumb_print)
+ntfs_decrypt_user_key *ntfs_decrypt_user_key_open(
+		ntfs_decrypt_user_key_session *session __attribute__((unused)),
+		unsigned char *thumb_print, unsigned thumb_size)
 {
 #ifdef __CYGWIN__
 	CRYPT_HASH_BLOB hash_blob;
@@ -396,7 +203,7 @@ decrypt_key *decrypt_user_key_open(
 	PCCERT_CONTEXT pCert;
 	BOOL fCallerFreeProv;
 	HCRYPTKEY hCryptKey;
-	decrypt_key *key;
+	ntfs_decrypt_user_key *key;
 	DWORD dwKeySpec;
 	DWORD key_size;
 	BYTE key_blob[1000];
@@ -434,12 +241,10 @@ decrypt_key *decrypt_user_key_open(
 	if (!CryptExportKey(hCryptKey, 0, PRIVATEKEYBLOB, 0, key_blob,
 			&key_size)) {
 		fprintf(stderr, "Could not export key: Error 0x%x\n",
-				(unsigned int)GetLastError());
+				(unsigned)GetLastError());
 		errno = -1;
 		return NULL;
 	}
-	if (!(key = (decrypt_key*)malloc(sizeof(DECRYPT_KEY))))
-		goto decrypt_key_open_err;
 	CryptDestroyKey(hCryptKey);
 	rsa_pub_key = (RSAPUBKEY*)(key_blob + sizeof(PUBLICKEYSTRUC));
 	if ((err = gcry_ac_open(&gcry_handle, GCRY_AC_RSA, 0))) {
@@ -468,21 +273,22 @@ decrypt_key *decrypt_user_key_open(
 	reverse_buffer(mpi_data, size);
 	if ((rc = gcry_mpi_scan(&u, GCRYMPI_FMT_USG, mpi_data, size, &size)))
 		fprintf(stderr, "error scanning u.\n");
-
 	mpi_data += (rsa_pub_key->bitlen / 16);
 	size = rsa_pub_key->bitlen / 8;
 	reverse_buffer(mpi_data, size);
 	if ((rc = gcry_mpi_scan(&d, GCRYMPI_FMT_USG, mpi_data, size, &size)))
 		fprintf(stderr, "error scanning d.\n");
+	sexp_key = NULL;
 	if ((rc = gcry_sexp_build(&sexp_key, NULL, "(private-key (rsa (n %m) "
 			"(e %m) (d %m) (p %m) (q %m) (u %m)))", n, e, d, p, q,
 			u))) {
 		fprintf(stderr, "Could build sexp from data, (error = 0x%x)\n",
 				rc);
-		errno = -1;
-		return FALSE;
+		errno = EINVAL;
+		return NULL;
 	}
-	((DECRYPT_KEY*)key)->sexp_key = sexp_key;
+	if ((key = (decrypt_key*)malloc(sizeof(NTFS_DECRYPT_USER_KEY))))
+		((NTFS_DECRYPT_USER_KEY*)key)->sexp_key = sexp_key;
 	// todo: release all
 	return key;
 decrypt_key_open_err: 
@@ -490,45 +296,51 @@ decrypt_key_open_err: 
 		CryptDestroyKey(hCryptKey);
 	if (pCert)
 		fnCertFreeCertificateContext(pCert);
-#endif // defined(__CYGWIN__)
+#endif /* defined(__CYGWIN__) */
 	errno = ENOTSUP;
 	return NULL;
 }
 
-void decrypt_user_key_close(decrypt_key *key)
+void ntfs_decrypt_user_key_close(ntfs_decrypt_user_key *key)
 {
-	DECRYPT_KEY *dkey = (DECRYPT_KEY*)key;
-	if (dkey->gcry_cipher_hd)
-		gcry_cipher_close(dkey->gcry_cipher_hd);
+	gcry_sexp_release(((NTFS_DECRYPT_USER_KEY*)key)->sexp_key);
 	free(key);
 }
 
+static inline void reverse_buffer(unsigned char *buf, unsigned buf_size)
+{
+	unsigned char t;
+	unsigned i;
+
+	for (i = 0; i < buf_size / 2; i++) {
+		t = buf[i];
+		buf[i] = buf[buf_size - i - 1];
+		buf[buf_size - i - 1] = t;
+	}
+}
+
 /**
- * decrypt_decrypt
- *
  * warning: decrypting into the input buffer!
  */
-unsigned int decrypt_decrypt(decrypt_key *key, unsigned int data_size,
-		unsigned char *data)
+unsigned ntfs_decrypt_user_key_decrypt(ntfs_decrypt_user_key *key,
+		unsigned char *data, unsigned data_size)
 {
 	gcry_sexp_t sexp_plain_data, sexp_enc_data;
 	gcry_ac_handle_t gcry_handle;
 	gcry_mpi_t mpi_buf;
 	gcry_ac_data_t in;
 	gcry_error_t err;
-	unsigned int size, padding_length, i;
+	unsigned size, padding_length, i;
 	int rc;
 
 	if ((err = gcry_ac_open(&gcry_handle, GCRY_AC_RSA, 0))) {
 		fprintf(stderr, "Could not init gcrypt handle\n");
-		errno = -1;
-		return FALSE;
+		errno = EINVAL;
+		return 0;
 	}
 	if ((rc = gcry_ac_data_new(&in)))
 		fprintf(stderr, "error allocating 'in'.\n");
-
 	reverse_buffer(data, data_size);
-
 	size = data_size;
 	if ((rc = gcry_mpi_scan(&mpi_buf, GCRYMPI_FMT_USG, data,
 			(size_t)data_size, &size)))
@@ -537,31 +349,30 @@ unsigned int decrypt_decrypt(decrypt_key
 			"(rsa (a %m)))", mpi_buf))) {
 		fprintf(stderr, "Could build sexp from data, (error = 0x%x)\n",
 				rc);
-		errno = -1;
-		return FALSE;
+		errno = EINVAL;
+		return 0;
 	}
 	if ((rc = gcry_pk_decrypt(&sexp_plain_data, sexp_enc_data,
-			((DECRYPT_KEY*)key)->sexp_key))) {
+			((NTFS_DECRYPT_USER_KEY*)key)->sexp_key))) {
 		fprintf(stderr, "Could not decrypt fek via s-exp, (error = "
 				"0x%x)\n", rc);
-		errno = -1;
-		return FALSE;
+		errno = EINVAL;
+		return 0;
 	}
 	sexp_plain_data = gcry_sexp_find_token(sexp_plain_data, "value", 0);
 	if (!mpi_buf) {
 		fprintf(stderr, "Could find value in s-exp, (error = 0x%x)\n",
 				rc);
-		errno = -1;
-		return FALSE;
+		errno = EINVAL;
+		return 0;
 	}
 	mpi_buf = gcry_sexp_nth_mpi(sexp_plain_data, 1, GCRYMPI_FMT_USG);
-
 	if ((rc = gcry_mpi_print(GCRYMPI_FMT_USG, data, data_size, &size,
 			mpi_buf))) {
 		fprintf(stderr, "Could copy decrypted data back, (error = "
 				"0x%x)\n", rc);
-		errno = -1;
-		return FALSE;
+		errno = EINVAL;
+		return 0;
 	}
 	// remove the pkcs1 padding
 	for (padding_length = 1; (padding_length < size) &&
@@ -577,78 +388,319 @@ unsigned int decrypt_decrypt(decrypt_key
 	return size - padding_length;
 }
 
-unsigned int decrypt_decrypt_sector(decrypt_key *key, void *data,
-		unsigned long long offset)
+/**
+ * ntfs_desx_key_expand - expand a 128-bit desx key to the needed 192-bit key
+ * @src:	source buffer containing 128-bit key
+ *
+ * Expands the on-disk 128-bit desx key to the needed des key, the in-, and the
+ * out-whitening keys required to perform desx {de,en}cryption.
+ */
+static void ntfs_desx_key_expand(const u8 *src, u32 *des_key,
+		u64 *out_whitening, u64 *in_whitening)
 {
+	static const int salt_len = 12;
+	static const u8 *salt1 = "Dan Simon  ";
+	static const u8 *salt2 = "Scott Field";
+	u32 md[4];
+	MD5_CTX ctx1, ctx2;
+
+	MD5_Init(&ctx1);
+
+	/* Hash the on-disk key. */
+	MD5_Update(&ctx1, src, 128 / 8);
+	memcpy(&ctx2, &ctx1, sizeof(ctx1));
+
+	/* Hash with the first salt and store the result. */
+	MD5_Update(&ctx1, salt1, salt_len);
+	MD5_Final((u8*)md, &ctx1);
+	des_key[0] = md[0] ^ md[1];
+	des_key[1] = md[2] ^ md[3];
+
+	/* Hash with the second salt and store the result. */
+	MD5_Update(&ctx2, salt2, salt_len);
+	MD5_Final((u8*)md, &ctx2);
+	*out_whitening = *(u64*)md;
+	*in_whitening = *(u64*)(md + 2);
+}
+
+static gcry_err_code_t ntfs_desx_setkey(void *context, const u8 *key,
+		unsigned keylen)
+{
+	ntfs_desx_ctx *ctx = context;
 	gcry_error_t err;
-	DECRYPT_KEY *dkey = (DECRYPT_KEY*)key;
+	u8 des_key[8];
 
-	if ((err = gcry_cipher_reset(dkey->gcry_cipher_hd)))
-		fprintf(stderr, "sector_decrypt: error is %u.\n", err);
-	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
-	// doing it by hand after the decryption?
-	// It wants iv length 8 but we give it 16 for AES256 so it does not
-	// like it...
-	if ((err = gcry_cipher_decrypt(dkey->gcry_cipher_hd, data, 512, NULL,
-			0)))
-		fprintf(stderr, "sector_decrypt: error is %u.\n", err);
-	/* Apply the IV. */
-	if (dkey->alg_id == CALG_AES_256) {
-		((u64*)data)[0] ^= 0x5816657be9161312LL + offset;
-		((u64*)data)[1] ^= 0x1989adbe44918961LL + offset;
-	} else {
-		/* All other algos (Des, 3Des, DesX) use the same IV. */
-		((u64*)data)[0] ^= 0x169119629891ad13LL + offset;
+	if (keylen != 16) {
+		fprintf(stderr, "Key length for desx must be 16.\n");
+		return GPG_ERR_INV_KEYLEN;
 	}
-	return 512;
+	err = gcry_cipher_open(&ctx->gcry_cipher_hd, GCRY_CIPHER_DES,
+			GCRY_CIPHER_MODE_ECB, 0);
+	if (err != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "Failed to open des cipher (error 0x%x).\n",
+				err);
+		return err;
+	}
+	ntfs_desx_key_expand(key, (u32*)des_key, &ctx->out_whitening,
+			&ctx->in_whitening);
+	err = gcry_cipher_setkey(ctx->gcry_cipher_hd, des_key, sizeof(des_key));
+	if (err != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "Failed to set des key (error 0x%x.\n", err);
+		gcry_cipher_close(ctx->gcry_cipher_hd);
+		return err;
+	}
+	/*
+	 * Take a note of the ctx->gcry_cipher_hd since we need to close it at
+	 * ntfs_decrypt_data_key_close() time.
+	 */
+	*(gcry_cipher_hd_t*)(key + ((keylen + 7) & ~7)) = ctx->gcry_cipher_hd;
+	return GPG_ERR_NO_ERROR;
 }
 
-decrypt_key *decrypt_make_key(decrypt_session *session __attribute__ ((unused)),
-		unsigned int data_size __attribute__ ((unused)),
-		unsigned char *data)
+static void ntfs_desx_decrypt(void *context, u8 *outbuf, const u8 *inbuf)
 {
-	DECRYPT_KEY *key;
-	unsigned int key_size, gcry_algo;
+	ntfs_desx_ctx *ctx = context;
 	gcry_error_t err;
 
-	key_size = *(u32*)data;
+	*(u64*)outbuf = *(const u64*)inbuf ^ ctx->out_whitening;
+	err = gcry_cipher_encrypt(ctx->gcry_cipher_hd, outbuf, 8, NULL, 0);
+	if (err != GPG_ERR_NO_ERROR)
+		fprintf(stderr, "Des decryption failed (error 0x%x).\n", err);
+	*(u64*)outbuf ^= ctx->in_whitening;
+}
 
-	if (!(key = (DECRYPT_KEY*)malloc(sizeof(DECRYPT_KEY)))) {
-		errno = -1;
-		return NULL;
+static gcry_cipher_spec_t ntfs_desx_cipher = {
+	.name = "DES-X-MS128",
+	.blocksize = 8,
+	.keylen = 128,
+	.contextsize = sizeof(ntfs_desx_ctx),
+	.setkey = ntfs_desx_setkey,
+	.decrypt = ntfs_desx_decrypt,
+};
+
+//#define DO_CRYPTO_TESTS 1
+
+#ifdef DO_CRYPTO_TESTS
+/* Do not remove this test code from this file! AIA */
+static BOOL desx_key_expand_test(void)
+{
+	const u8 known_desx_on_disk_key[16] = {
+		0xa1, 0xf9, 0xe0, 0xb2, 0x53, 0x23, 0x9e, 0x8f,
+		0x0f, 0x91, 0x45, 0xd9, 0x8e, 0x20, 0xec, 0x30
+	};
+	const u8 known_des_key[8] = {
+		0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f,
+	};
+	const u8 known_out_whitening[8] = {
+		0xed, 0xda, 0x4c, 0x47, 0x60, 0x49, 0xdb, 0x8d,
+	};
+	const u8 known_in_whitening[8] = {
+		0x75, 0xf6, 0xa0, 0x1a, 0xc0, 0xca, 0x28, 0x1e
+	};
+	u64 test_des_key, test_out_whitening, test_in_whitening;
+	BOOL res;
+
+	desx_key_expand(known_desx_on_disk_key, (u32*)test_des_key,
+			(u64*)test_out_whitening, (u64*)test_in_whitening);
+	res = test_des_key != *(u64*)known_des_key ||
+			test_out_whitening != *(u64*)known_out_whitening ||
+			test_in_whitening != *(u64*)known_in_whitening;
+	fprintf(stderr, "Testing whether ntfs_desx_key_expand() works: %s\n",
+			res ? "SUCCESS" : "FAILED");
+	return res;
+}
+
+static BOOL ntfs_des_test(void)
+{
+	const u8 known_des_key[8] = {
+		0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f
+	};
+	const u8 known_des_encrypted_data[8] = {
+		0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f
+	};
+	const u8 known_decrypted_data[8] = {
+		0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09
+	};
+	u8 test_decrypted_data[8];
+	int res;
+	gcry_error_t err;
+	gcry_cipher_hd_t gcry_cipher_hd;
+
+	err = gcry_cipher_open(&gcry_cipher_hd, GCRY_CIPHER_DES,
+			GCRY_CIPHER_MODE_ECB, 0);
+	if (err != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "Failed to open des cipher (error 0x%x).\n",
+				err);
+		return FALSE;
 	}
+	err = gcry_cipher_setkey(gcry_cipher_hd, known_des_key,
+			sizeof(known_des_key));
+	if (err != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "Failed to set des key (error 0x%x.\n", err);
+		gcry_cipher_close(gcry_cipher_hd);
+		return FALSE;
+	}
+	/*
+	 * Apply DES decryption (ntfs actually uses encryption when decrypting).
+	 */
+	err = gcry_cipher_encrypt(gcry_cipher_hd, test_decrypted_data,
+			sizeof(test_decrypted_data), known_des_encrypted_data,
+			sizeof(known_des_encrypted_data));
+	gcry_cipher_close(gcry_cipher_hd);
+	if (err) {
+		fprintf(stderr, "Failed to des decrypt test data (error "
+				"0x%x).\n", err);
+		return FALSE;
+	}
+	res = !memcmp(test_decrypted_data, known_decrypted_data,
+			sizeof(known_decrypted_data));
+	fprintf(stderr, "Testing whether des decryption works: %s\n",
+			res ? "SUCCESS" : "FAILED");
+	return res;
+}
+
+#else /* !defined(DO_CRYPTO_TESTS) */
+
+static inline BOOL desx_key_expand_test(void)
+{
+	return TRUE;
+}
+
+static inline BOOL des_test(void)
+{
+	return TRUE;
+}
+
+#endif /* !defined(DO_CRYPTO_TESTS) */
+
+ntfs_decrypt_data_key *ntfs_decrypt_data_key_open(unsigned char *data,
+		unsigned data_size __attribute__((unused)))
+{
+	NTFS_DECRYPT_DATA_KEY *key;
+	unsigned key_size, wanted_key_size, gcry_algo;
+	gcry_error_t err;
+
 	key_size = *(u32*)data;
+	key = (NTFS_DECRYPT_DATA_KEY*)malloc(((((sizeof(*key) + 7) & ~7) +
+			key_size + 7) & ~7) + sizeof(gcry_cipher_hd_t));
+	if (!key) {
+		errno = ENOMEM;
+		return NULL;
+	}
 	key->alg_id = *(u32*)(data + 8);
-	key->key_data = data + 16;
-
+	key->key_data = (u8*)key + ((sizeof(*key) + 7) & ~7);
+	memcpy(key->key_data, data + 16, key_size);
+	key->des_gcry_cipher_hd_ptr = (gcry_cipher_hd_t*)(key->key_data +
+			((key_size + 7) & ~7));
+	*key->des_gcry_cipher_hd_ptr = NULL;
 	switch (key->alg_id) {
 	case CALG_DESX:
-		//fprintf(stderr, "DESX key of %u bytes\n", key_size);
-		gcry_algo = desx_algorithm_id;
+		/* FIXME: This really needs locking so it is safe from races. */
+		if (!ntfs_desx_module_count++) {
+			gcry_error_t err;
+
+			if (!desx_key_expand_test() || !des_test()) {
+				errno = EINVAL;
+				return NULL;
+			}
+			err = gcry_cipher_register(&ntfs_desx_cipher,
+					&ntfs_desx_algorithm_id,
+					&ntfs_desx_module);
+			if (err != GPG_ERR_NO_ERROR) {
+				fprintf(stderr, "Failed to register desx "
+						"cipher (error 0x%x).\n", err);
+				errno = EINVAL;
+				return NULL;
+			}
+			gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+		}
+		wanted_key_size = 16;
+		gcry_algo = ntfs_desx_algorithm_id;
 		break;
 	case CALG_3DES:
-		//fprintf(stderr, "3DES Key of %u bytes\n", key_size);
+		wanted_key_size = 24;
 		gcry_algo = GCRY_CIPHER_3DES;
 		break;
 	case CALG_AES_256:
-		//fprintf(stderr, "AES Key of %u bytes\n", key_size);
+		wanted_key_size = 32;
 		gcry_algo = GCRY_CIPHER_AES256;
 		break;
 	default:
-		fprintf(stderr, "DES key of %u bytes\n", key_size);
-		fprintf(stderr, "This probably will not work...  "
-				"It is completely untested.\n");
+		wanted_key_size = 8;
 		gcry_algo = GCRY_CIPHER_DES;
-		break;
+		fprintf(stderr, "DES is not supported at present.  Please "
+				"email lin...@li... "
+				"and say that you saw this message.  We will "
+				"then implement support for DES.\n");
+		free(key);
+		errno = ENOTSUP;
+		return NULL;
 	}
-	if ((err = gcry_cipher_open(&key->gcry_cipher_hd, gcry_algo,
-			GCRY_CIPHER_MODE_CBC, 0)) != GPG_ERR_NO_ERROR) {
-		fprintf(stderr, "gcry_cipher_open failed with 0x%x.\n", err);
-		errno = -1;
+	if (key_size != wanted_key_size) {
+		fprintf(stderr, "%s key of %u bytes but needed size is %u "
+				"bytes, assuming corrupt key.  Aborting.\n",
+				gcry_cipher_algo_name(gcry_algo), key_size,
+				wanted_key_size);
+		free(key);
+		errno = EIO;
+		return NULL;
+	}
+	err = gcry_cipher_open(&key->gcry_cipher_hd, gcry_algo,
+			GCRY_CIPHER_MODE_CBC, 0);
+	if (err != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "gcry_cipher_open() failed with error 0x%x.\n",
+				err);
+		free(key);
+		errno = EINVAL;
 		return 0;
 	}
-	if ((err = gcry_cipher_setkey(key->gcry_cipher_hd, key->key_data,
-			key_size)))
-		fprintf(stderr, "gcry_cipher_setkey failed with 0x%x.\n", err);
-	return (decrypt_key*)key;
+	err = gcry_cipher_setkey(key->gcry_cipher_hd, key->key_data, key_size);
+	if (err != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "gcry_cipher_setkey() failed with error "
+				"0x%x.\n", err);
+		gcry_cipher_close(key->gcry_cipher_hd);
+		free(key);
+		errno = EINVAL;
+		return NULL;
+	}
+	return (ntfs_decrypt_data_key*)key;
+}
+
+void ntfs_decrypt_data_key_close(ntfs_decrypt_data_key *key)
+{
+	NTFS_DECRYPT_DATA_KEY *dkey = (NTFS_DECRYPT_DATA_KEY*)key;
+	if (*dkey->des_gcry_cipher_hd_ptr)
+		gcry_cipher_close(*dkey->des_gcry_cipher_hd_ptr);
+	gcry_cipher_close(dkey->gcry_cipher_hd);
+	free(key);
+	/* FIXME: This really needs locking so it is safe from races. */
+	if (!--ntfs_desx_module_count) {
+		gcry_cipher_unregister(ntfs_desx_module);
+		ntfs_desx_module = NULL;
+		ntfs_desx_algorithm_id = -1;
+	}
+}
+
+unsigned ntfs_decrypt_data_key_decrypt_sector(ntfs_decrypt_data_key *key,
+		unsigned char *data, unsigned long long offset)
+{
+	NTFS_DECRYPT_DATA_KEY *dkey = (NTFS_DECRYPT_DATA_KEY*)key;
+	gcry_error_t err;
+
+	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
+	// doing it by hand after the decryption?
+	// It wants iv length 8 but we give it 16 for AES256 so it does not
+	// like it...
+	if ((err = gcry_cipher_decrypt(dkey->gcry_cipher_hd, data, 512, NULL,
+			0)))
+		fprintf(stderr, "sector_decrypt: error is %u.\n", err);
+	/* Apply the IV. */
+	if (dkey->alg_id == CALG_AES_256) {
+		((u64*)data)[0] ^= 0x5816657be9161312LL + offset;
+		((u64*)data)[1] ^= 0x1989adbe44918961LL + offset;
+	} else {
+		/* All other algos (Des, 3Des, DesX) use the same IV. */
+		((u64*)data)[0] ^= 0x169119629891ad13LL + offset;
+	}
+	return 512;
 }

Index: decrypt.h
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- decrypt.h	27 Jul 2005 10:30:57 -0000	1.3
+++ decrypt.h	27 Jul 2005 15:55:43 -0000	1.4
@@ -1,8 +1,9 @@
 /*
- * decrypt.h - interface for decryption rutines.
- * Part of the Linux-NTFS project.
+ * decrypt.h - Interface for decryption rutines.  Part of the Linux-NTFS
+ *	       project.
  *
  * Copyright (c) 2005 Yuval Fledel
+ * Copyright (c) 2005 Anton Altaparmakov
  *
  * This program/include file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as published
@@ -23,20 +24,27 @@
 #ifndef _NTFS_DECRYPT_H
 #define _NTFS_DECRYPT_H
 
-typedef void *decrypt_session;
-typedef void *decrypt_key;
+typedef void *ntfs_decrypt_user_key_session;
+typedef void *ntfs_decrypt_user_key;
+typedef void *ntfs_decrypt_data_key;
 
-extern decrypt_session *decrypt_open(void);
-extern void decrypt_close(decrypt_session * session);
-extern decrypt_key *decrypt_user_key_open(decrypt_session * session,
-		int thumb_size, void *thumb_print);
-extern void decrypt_user_key_close(decrypt_key * key);
-extern unsigned int decrypt_decrypt(decrypt_key * key, unsigned int data_size,
-		unsigned char *data);
-extern unsigned int decrypt_decrypt_sector(decrypt_key * key, void *data,
-		unsigned long long offset);
-extern decrypt_key *decrypt_make_key(decrypt_session * session,
-		unsigned int data_size, unsigned char *data);
-extern int decrypt_get_block_size(decrypt_key * key);
+extern ntfs_decrypt_user_key_session *ntfs_decrypt_user_key_session_open(void);
+extern void ntfs_decrypt_user_key_session_close(
+		ntfs_decrypt_user_key_session *session);
+
+extern ntfs_decrypt_user_key *ntfs_decrypt_user_key_open(
+		ntfs_decrypt_user_key_session *session,
+		unsigned char *thumb_print, unsigned thumb_size);
+extern void ntfs_decrypt_user_key_close(ntfs_decrypt_user_key *key);
+
+extern unsigned ntfs_decrypt_user_key_decrypt(ntfs_decrypt_user_key *key,
+		unsigned char *data, unsigned data_size);
+
+extern ntfs_decrypt_data_key *ntfs_decrypt_data_key_open(unsigned char *data,
+		unsigned data_size);
+extern void ntfs_decrypt_data_key_close(ntfs_decrypt_data_key *key);
+
+extern unsigned ntfs_decrypt_data_key_decrypt_sector(ntfs_decrypt_data_key *key,
+		unsigned char *data, unsigned long long offset);
 
 #endif /* defined _NTFS_DECRYPT_H */

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.12,1.13 ntfsdecrypt.c,1.4,1.5

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4949

Modified Files:
	decrypt.c ntfsdecrypt.c 
Log Message:
Some more cleanups I missed last time.


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -p -r1.12 -r1.13
--- decrypt.c	27 Jul 2005 10:30:57 -0000	1.12
+++ decrypt.c	27 Jul 2005 10:48:46 -0000	1.13
@@ -1,5 +1,5 @@
 /*
- * decrypt.c - $EFS decryption routined.  Part of the Linux-NTFS project.
+ * decrypt.c - $EFS decryption routines.  Part of the Linux-NTFS project.
  *
  * Copyright (c) 2005 Yuval Fledel
  * Copyright (c) 2005 Anton Altaparmakov

Index: ntfsdecrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsdecrypt.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- ntfsdecrypt.c	27 Jul 2005 10:30:57 -0000	1.4
+++ ntfsdecrypt.c	27 Jul 2005 10:48:46 -0000	1.5
@@ -56,9 +56,9 @@ GEN_PRINTF(Vprintf, stderr, &opts.verbos
 GEN_PRINTF(Qprintf, stderr, &opts.quiet, FALSE)
 static GEN_PRINTF(Printf, stderr, NULL, FALSE)
 
-static ntfschar EFS[5] = { const_cpu_to_le16('$'), const_cpu_to_le16('E'),
-	const_cpu_to_le16('F'), const_cpu_to_le16('S'),
-	const_cpu_to_le16('\0')
+static ntfschar EFS[5] = {
+	const_cpu_to_le16('$'), const_cpu_to_le16('E'), const_cpu_to_le16('F'),
+	const_cpu_to_le16('S'), const_cpu_to_le16('\0')
 };
 static const int EFS_name_length = 4;
 
@@ -71,8 +71,8 @@ static const int EFS_name_length = 4;
  */
 static void version(void)
 {
-	Printf("\n%s v%s - Decrypt and concatenate files and print on the "
-			"standard output.\n\n", EXEC_NAME, VERSION);
+	Printf("\n%s v%s - Decrypt files and print on the standard output.\n\n",
+			EXEC_NAME, VERSION);
 	Printf("Copyright (c) 2005 Yuval Fledel\n");
 	Printf("Copyright (c) 2005 Anton Altaparmakov\n");
 	Printf("\n%s\n%s%s\n", ntfs_gpl, ntfs_bugs, ntfs_home);
@@ -133,11 +133,11 @@ static int parse_options(int argc, char 
 	while ((c = getopt_long(argc, argv, sopt, lopt, NULL)) != (char)-1) {
 		switch (c) {
 		case 1:	/* A non-option argument */
-			if (!opts.device) {
+			if (!opts.device)
 				opts.device = argv[optind - 1];
-			} else if (!opts.file) {
+			else if (!opts.file)
 				opts.file = argv[optind - 1];
-			} else {
+			else {
 				Eprintf("You must specify exactly one file.\n");
 				err++;
 			}
@@ -151,8 +151,8 @@ static int parse_options(int argc, char 
 			break;
 		case 'i':
 			if (opts.inode != -1)
-				Eprintf
-				    ("You must specify exactly one inode.\n");
+				Eprintf("You must specify exactly one "
+						"inode.\n");
 			else if (utils_parse_size(optarg, &opts.inode, FALSE))
 				break;
 			else
@@ -183,8 +183,8 @@ static int parse_options(int argc, char 
 			err++;
 
 		} else if (opts.file == NULL && opts.inode == -1) {
-			Eprintf("You must specify a file or inode "
-				"with the -i option.\n");
+			Eprintf("You must specify a file or inode with the -i "
+					"option.\n");
 			err++;
 
 		} else if (opts.file != NULL && opts.inode != -1) {
@@ -194,7 +194,7 @@ static int parse_options(int argc, char 
 
 		if (opts.quiet && opts.verbose) {
 			Eprintf("You may not use --quiet and --verbose at the "
-				"same time.\n");
+					"same time.\n");
 			err++;
 		}
 	}
@@ -210,7 +210,7 @@ static int parse_options(int argc, char 
 /**
  * cat
  */
-static int cat_decrypt(ntfs_inode * inode, decrypt_key * fek)
+static int cat_decrypt(ntfs_inode *inode, decrypt_key *fek)
 {
 	int bufsize = 512;
 	char *buffer;
@@ -221,14 +221,12 @@ static int cat_decrypt(ntfs_inode * inod
 	buffer = malloc(bufsize);
 	if (!buffer)
 		return 1;
-
 	attr = ntfs_attr_open(inode, AT_DATA, NULL, 0);
 	if (!attr) {
 		Eprintf("Cannot cat a directory.\n");
 		free(buffer);
 		return 1;
 	}
-
 	total = attr->data_size;
 
 	// hack: make sure attr will not be commited to disk if you use this.
@@ -246,7 +244,6 @@ static int cat_decrypt(ntfs_inode * inod
 		}
 		if (!bytes_read)
 			break;
-
 		if ((i = decrypt_decrypt_sector(fek, buffer, offset)) <
 				bytes_read) {
 			perror("ERROR: Couldn't decrypt all data!");
@@ -256,7 +253,6 @@ static int cat_decrypt(ntfs_inode * inod
 		}
 		if (bytes_read > total)
 			bytes_read = total;
-
 		written = fwrite(buffer, 1, bytes_read, stdout);
 		if (written != bytes_read) {
 			perror("ERROR: Couldn't output all data!");
@@ -265,7 +261,6 @@ static int cat_decrypt(ntfs_inode * inod
 		offset += bytes_read;
 		total -= bytes_read;
 	}
-
 	ntfs_attr_close(attr);
 	free(buffer);
 	return 0;
@@ -290,13 +285,11 @@ static decrypt_key *get_fek(ntfs_inode *
 		perror("Error");
 		return NULL;
 	}
-
 	efs_buffer = malloc(na->data_size);
 	if (!efs_buffer) {
 		perror("malloc failed");
 		return NULL;
 	}
-
 	if (ntfs_attr_pread(na, 0, na->data_size, efs_buffer) !=
 			na->data_size) {
 		perror("ntfs_attr_pread failed");
@@ -305,31 +298,29 @@ static decrypt_key *get_fek(ntfs_inode *
 	}
 	ntfs_attr_close(na);
 
-	/* init the CryptoAPI */
+	/* Init the CryptoAPI. */
 	if (!(session = decrypt_open())) {
 		perror("Could not init the cryptoAPI.");
 		return NULL;
 	}
-
-	/* iterate through the DDFs & DRFs until you obtain a key */
-
-	ddf = efs_buffer + le32_to_cpu(*(u32 *)(efs_buffer + 0x40));
-	ddf_count = le32_to_cpu(*(u32 *)ddf);
+	/* Iterate through the DDFs & DRFs until you obtain a key. */
+	ddf = efs_buffer + le32_to_cpu(*(u32*)(efs_buffer + 0x40));
+	ddf_count = le32_to_cpu(*(u32*)ddf);
 
 	ddf = ddf + 0x04;
 	for (i = 0; i < ddf_count; i++) {
 		//Eprintf("ddf #%u.\n", i);
-		if (*(u32 *) (ddf + 0x18))
+		if (*(u32*)(ddf + 0x18))
 			certificate = (ddf + 0x30 +
-					le32_to_cpu(*(u32 *)(ddf + 0x18)));
+					le32_to_cpu(*(u32*)(ddf + 0x18)));
 		else
 			certificate = (ddf + 0x30);
 
-		hash_size = (unsigned int)le32_to_cpu(*(u32 *)certificate);
+		hash_size = (unsigned int)le32_to_cpu(*(u32*)certificate);
 		hash_data = certificate + (unsigned int)
-				le32_to_cpu(*(u32 *)(certificate + 0x04));
-		fek_size = (unsigned int)le32_to_cpu(*(u32 *)(ddf + 0x08));
-		fek_buf = ddf + (unsigned int)le32_to_cpu(*(u32 *)(ddf + 0x0c));
+				le32_to_cpu(*(u32*)(certificate + 0x04));
+		fek_size = (unsigned int)le32_to_cpu(*(u32*)(ddf + 0x08));
+		fek_buf = ddf + (unsigned int)le32_to_cpu(*(u32*)(ddf + 0x0c));
 
 		if ((key = decrypt_user_key_open(session, hash_size,
 				hash_data))) {
@@ -346,10 +337,9 @@ static decrypt_key *get_fek(ntfs_inode *
 		} else
 			Eprintf("Could not open key.\n");
 
-		ddf = ddf + le32_to_cpu(*(u32 *)(ddf + 0x08)) +
-				le32_to_cpu(*(u32 *)(ddf + 0x0c));
+		ddf = ddf + le32_to_cpu(*(u32*)(ddf + 0x08)) +
+				le32_to_cpu(*(u32*)(ddf + 0x0c));
 	}
-
 	decrypt_close(session);
 	return NULL;
 }
@@ -371,7 +361,6 @@ int main(int argc, char *argv[])
 
 	if (!parse_options(argc, argv))
 		return 1;
-
 	utils_set_locale();
 
 	//XXX quieten errors, temporarily
@@ -381,17 +370,14 @@ int main(int argc, char *argv[])
 		perror("ERROR: couldn't mount volume");
 		return 1;
 	}
-
 	if (opts.inode != -1)
 		inode = ntfs_inode_open(vol, opts.inode);
 	else
 		inode = ntfs_pathname_to_inode(vol, NULL, opts.file);
-
 	if (!inode) {
 		perror("ERROR: Couldn't open inode");
 		return 1;
 	}
-
 	fek = get_fek(inode);
 	if (fek) {
 		result = cat_decrypt(inode, fek);
@@ -400,14 +386,7 @@ int main(int argc, char *argv[])
 		Eprintf("Could not obtain FEK.\n");
 		result = 1;
 	}
-
 	ntfs_inode_close(inode);
 	ntfs_umount(vol, FALSE);
-#if 0
-	if (result)
-		Printf("failed\n");
-	else
-		Printf("success\n");
-#endif
 	return result;
 }

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs ntfsdecrypt.c,1.3,1.4 decrypt.c,1.11,1.12 decrypt.h,1.2,1.3

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3215

Modified Files:
	ntfsdecrypt.c decrypt.c decrypt.h 
Log Message:
Run through Lindent and some manual aftercleanups.


Index: ntfsdecrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsdecrypt.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- ntfsdecrypt.c	21 Jul 2005 12:12:48 -0000	1.3
+++ ntfsdecrypt.c	27 Jul 2005 10:30:57 -0000	1.4
@@ -1,9 +1,8 @@
 /**
  * ntfsdecrypt - Part of the Linux-NTFS project.
  *
- * Copyright (c) 2003 Richard Russon
- * Copyright (c) 2003 Anton Altaparmakov
  * Copyright (c) 2005 Yuval Fledel
+ * Copyright (c) 2005 Anton Altaparmakov
  *
  * This utility will decrypt files and print on the standard output.
  *
@@ -40,26 +39,27 @@
 #include "decrypt.h"
 
 struct options {
-	char		*device;	/* Device/File to work with */
-	char		*file;		/* File to display */
-	s64		 inode;		/* Inode to work with */
-	ATTR_TYPES	 attr;		/* Attribute type to display */
-	int		 force;		/* Override common sense */
-	int		 quiet;		/* Less output */
-	int		 verbose;	/* Extra output */
+	char *device;		/* Device/File to work with */
+	char *file;		/* File to display */
+	s64 inode;		/* Inode to work with */
+	ATTR_TYPES attr;	/* Attribute type to display */
+	int force;		/* Override common sense */
+	int quiet;		/* Less output */
+	int verbose;		/* Extra output */
 };
 
-static const char *EXEC_NAME = "ntfscat";
+static const char *EXEC_NAME = "ntfsdecrypt";
 static struct options opts;
 
-GEN_PRINTF (Eprintf, stderr, NULL,          FALSE)
-GEN_PRINTF (Vprintf, stderr, &opts.verbose, TRUE)
-GEN_PRINTF (Qprintf, stderr, &opts.quiet,   FALSE)
-static GEN_PRINTF (Printf,  stderr, NULL,   FALSE)
+GEN_PRINTF(Eprintf, stderr, NULL, FALSE)
+GEN_PRINTF(Vprintf, stderr, &opts.verbose, TRUE)
+GEN_PRINTF(Qprintf, stderr, &opts.quiet, FALSE)
+static GEN_PRINTF(Printf, stderr, NULL, FALSE)
 
 static ntfschar EFS[5] = { const_cpu_to_le16('$'), const_cpu_to_le16('E'),
-		   const_cpu_to_le16('F'), const_cpu_to_le16('S'),
-		   const_cpu_to_le16('\0') };
+	const_cpu_to_le16('F'), const_cpu_to_le16('S'),
+	const_cpu_to_le16('\0')
+};
 static const int EFS_name_length = 4;
 
 /**
@@ -69,12 +69,13 @@ static const int EFS_name_length = 4;
  *
  * Return:  none
  */
-static void version (void)
+static void version(void)
 {
-	Printf ("\n%s v%s - Concatenate files and print on the standard output.\n\n",
-		EXEC_NAME, VERSION);
-	Printf ("Copyright (c) 2003 Richard Russon\n");
-	Printf ("\n%s\n%s%s\n", ntfs_gpl, ntfs_bugs, ntfs_home);
+	Printf("\n%s v%s - Decrypt and concatenate files and print on the "
+			"standard output.\n\n", EXEC_NAME, VERSION);
+	Printf("Copyright (c) 2005 Yuval Fledel\n");
+	Printf("Copyright (c) 2005 Anton Altaparmakov\n");
+	Printf("\n%s\n%s%s\n", ntfs_gpl, ntfs_bugs, ntfs_home);
 }
 
 /**
@@ -84,21 +85,18 @@ static void version (void)
  *
  * Return:  none
  */
-static void usage (void)
+static void usage(void)
 {
-	Printf ("\nUsage: %s [options] device [file]\n\n"
-		"    -a, --attribute num   Display this attribute\n"
-		"    -i, --inode num       Display this inode\n\n"
-		"    -f  --force           Use less caution\n"
-		"    -h  --help            Print this help\n"
-		"    -q  --quiet           Less output\n"
-		"    -V  --version         Version information\n"
-		"    -v  --verbose         More output\n\n",
-		//"    -N  --name            Display this attribute name",
-		//"    -F  --file            Display this file",
-		//"    -r  --raw             Display the compressed or encrypted file",
-		EXEC_NAME);
-	Printf ("%s%s\n", ntfs_bugs, ntfs_home);
+	Printf("\nUsage: %s [options] device [file]\n\n"
+	       "    -i, --inode num       Display this inode\n\n"
+	       "    -f  --force           Use less caution\n"
+	       "    -h  --help            Print this help\n"
+	       "    -q  --quiet           Less output\n"
+	       "    -V  --version         Version information\n"
+	       "    -v  --verbose         More output\n\n",
+	       //"    -r  --raw             Display the compressed or encrypted file",
+	       EXEC_NAME);
+	Printf("%s%s\n", ntfs_bugs, ntfs_home);
 }
 
 /**
@@ -110,37 +108,35 @@ static void usage (void)
  * Return:  1 Success
  *	    0 Error, one or more problems
  */
-static int parse_options (int argc, char **argv)
+static int parse_options(int argc, char **argv)
 {
-	static const char *sopt = "-a:fh?i:qVv"; // F:N:
+	static const char *sopt = "-fh?i:qVv";	// F:N:
 	static const struct option lopt[] = {
-		{ "force",	no_argument,		NULL, 'f' },
-		{ "help",	no_argument,		NULL, 'h' },
-		{ "inode",	required_argument,	NULL, 'i' },
-		{ "quiet",	no_argument,		NULL, 'q' },
-		{ "version",	no_argument,		NULL, 'V' },
-		{ "verbose",	no_argument,		NULL, 'v' },
-	//	{ "file",	required_argument,	NULL, 'F' },
-	//	{ "name",	required_argument,	NULL, 'N' },
-		{ NULL,		0,			NULL, 0   }
+		{"force", no_argument, NULL, 'f'},
+		{"help", no_argument, NULL, 'h'},
+		{"inode", required_argument, NULL, 'i'},
+		{"quiet", no_argument, NULL, 'q'},
+		{"version", no_argument, NULL, 'V'},
+		{"verbose", no_argument, NULL, 'v'},
+		{NULL, 0, NULL, 0}
 	};
 
 	char c = -1;
-	int err  = 0;
-	int ver  = 0;
+	int err = 0;
+	int ver = 0;
 	int help = 0;
 
-	opterr = 0; /* We'll handle the errors, thank you. */
+	opterr = 0;		/* We'll handle the errors, thank you. */
 
 	opts.inode = -1;
 
-	while ((c = getopt_long (argc, argv, sopt, lopt, NULL)) != (char)-1) {
+	while ((c = getopt_long(argc, argv, sopt, lopt, NULL)) != (char)-1) {
 		switch (c) {
 		case 1:	/* A non-option argument */
 			if (!opts.device) {
-				opts.device = argv[optind-1];
+				opts.device = argv[optind - 1];
 			} else if (!opts.file) {
-				opts.file = argv[optind-1];
+				opts.file = argv[optind - 1];
 			} else {
 				Eprintf("You must specify exactly one file.\n");
 				err++;
@@ -155,7 +151,8 @@ static int parse_options (int argc, char
 			break;
 		case 'i':
 			if (opts.inode != -1)
-				Eprintf("You must specify exactly one inode.\n");
+				Eprintf
+				    ("You must specify exactly one inode.\n");
 			else if (utils_parse_size(optarg, &opts.inode, FALSE))
 				break;
 			else
@@ -172,7 +169,7 @@ static int parse_options (int argc, char
 			opts.verbose++;
 			break;
 		default:
-			Eprintf ("Unknown option '%s'.\n", argv[optind-1]);
+			Eprintf("Unknown option '%s'.\n", argv[optind - 1]);
 			err++;
 			break;
 		}
@@ -182,22 +179,22 @@ static int parse_options (int argc, char
 		opts.quiet = 0;
 	} else {
 		if (opts.device == NULL) {
-		       	Eprintf ("You must specify a device.\n");
+			Eprintf("You must specify a device.\n");
 			err++;
 
 		} else if (opts.file == NULL && opts.inode == -1) {
-			Eprintf ("You must specify a file or inode "
-				 "with the -i option.\n");
+			Eprintf("You must specify a file or inode "
+				"with the -i option.\n");
 			err++;
 
 		} else if (opts.file != NULL && opts.inode != -1) {
-			Eprintf ("You can't specify both a file and inode.\n");
+			Eprintf("You can't specify both a file and inode.\n");
 			err++;
 		}
 
 		if (opts.quiet && opts.verbose) {
 			Eprintf("You may not use --quiet and --verbose at the "
-					"same time.\n");
+				"same time.\n");
 			err++;
 		}
 	}
@@ -213,22 +210,22 @@ static int parse_options (int argc, char
 /**
  * cat
  */
-static int cat_decrypt(ntfs_inode *inode, decrypt_key *fek)
+static int cat_decrypt(ntfs_inode * inode, decrypt_key * fek)
 {
-	int bufsize = 512; 
+	int bufsize = 512;
 	char *buffer;
 	ntfs_attr *attr;
 	s64 bytes_read, written, offset, total;
 	unsigned int i;
 
-	buffer = malloc (bufsize);
+	buffer = malloc(bufsize);
 	if (!buffer)
 		return 1;
 
-	attr = ntfs_attr_open (inode, AT_DATA, NULL, 0);
+	attr = ntfs_attr_open(inode, AT_DATA, NULL, 0);
 	if (!attr) {
-		Eprintf ("Cannot cat a directory.\n");
-		free (buffer);
+		Eprintf("Cannot cat a directory.\n");
+		free(buffer);
 		return 1;
 	}
 
@@ -241,43 +238,43 @@ static int cat_decrypt(ntfs_inode *inode
 	attr->data_size = attr->initialized_size = attr->allocated_size;
 
 	offset = 0;
-	while (total>0) {
-		bytes_read = ntfs_attr_pread (attr, offset, 512, buffer);
+	while (total > 0) {
+		bytes_read = ntfs_attr_pread(attr, offset, 512, buffer);
 		if (bytes_read == -1) {
-			perror ("ERROR: Couldn't read file");
+			perror("ERROR: Couldn't read file");
 			break;
 		}
 		if (!bytes_read)
 			break;
 
-		if ((i = decrypt_decrypt_sector(fek, buffer, offset))
-						< bytes_read) {
-			perror ("ERROR: Couldn't decrypt all data!");
+		if ((i = decrypt_decrypt_sector(fek, buffer, offset)) <
+				bytes_read) {
+			perror("ERROR: Couldn't decrypt all data!");
 			Eprintf("%u/%lld/%lld/%lld\n", i, (long long)bytes_read,
-				(long long)offset, (long long)total);
+					(long long)offset, (long long)total);
 			break;
 		}
 		if (bytes_read > total)
 			bytes_read = total;
 
-		written = fwrite (buffer, 1, bytes_read, stdout);
+		written = fwrite(buffer, 1, bytes_read, stdout);
 		if (written != bytes_read) {
-			perror ("ERROR: Couldn't output all data!");
+			perror("ERROR: Couldn't output all data!");
 			break;
 		}
 		offset += bytes_read;
 		total -= bytes_read;
 	}
 
-	ntfs_attr_close (attr);
-	free (buffer);
+	ntfs_attr_close(attr);
+	free(buffer);
 	return 0;
 }
 
 /**
  * get_fek
  */
-static decrypt_key *get_fek (ntfs_inode *inode)
+static decrypt_key *get_fek(ntfs_inode * inode)
 {
 	ntfs_attr *na;
 	char *efs_buffer, *ddf, *certificate, *hash_data, *fek_buf;
@@ -287,8 +284,8 @@ static decrypt_key *get_fek (ntfs_inode 
 	decrypt_key *key;
 
 	/* obtain the $EFS contents */
-	na = ntfs_attr_open (inode, AT_LOGGED_UTILITY_STREAM,
-				EFS, EFS_name_length);
+	na = ntfs_attr_open(inode, AT_LOGGED_UTILITY_STREAM,
+			EFS, EFS_name_length);
 	if (!na) {
 		perror("Error");
 		return NULL;
@@ -300,8 +297,8 @@ static decrypt_key *get_fek (ntfs_inode 
 		return NULL;
 	}
 
-	if (ntfs_attr_pread(na, 0, na->data_size, efs_buffer) != 
-				na->data_size) {
+	if (ntfs_attr_pread(na, 0, na->data_size, efs_buffer) !=
+			na->data_size) {
 		perror("ntfs_attr_pread failed");
 		free(efs_buffer);
 		return NULL;
@@ -309,37 +306,37 @@ static decrypt_key *get_fek (ntfs_inode 
 	ntfs_attr_close(na);
 
 	/* init the CryptoAPI */
-	if(!(session = decrypt_open())) {
+	if (!(session = decrypt_open())) {
 		perror("Could not init the cryptoAPI.");
 		return NULL;
 	}
 
 	/* iterate through the DDFs & DRFs until you obtain a key */
 
-	ddf = efs_buffer + le32_to_cpu(*(u32 *)(efs_buffer+0x40));
+	ddf = efs_buffer + le32_to_cpu(*(u32 *)(efs_buffer + 0x40));
 	ddf_count = le32_to_cpu(*(u32 *)ddf);
 
 	ddf = ddf + 0x04;
-	for (i=0;i<ddf_count;i++) {
+	for (i = 0; i < ddf_count; i++) {
 		//Eprintf("ddf #%u.\n", i);
-		if (*(u32 *)(ddf+0x18))
+		if (*(u32 *) (ddf + 0x18))
 			certificate = (ddf + 0x30 +
-				le32_to_cpu(*(u32 *)(ddf+0x18)));
+					le32_to_cpu(*(u32 *)(ddf + 0x18)));
 		else
 			certificate = (ddf + 0x30);
 
 		hash_size = (unsigned int)le32_to_cpu(*(u32 *)certificate);
-		hash_data = certificate +
-			(unsigned int)le32_to_cpu(*(u32 *)(certificate+0x04));
-		fek_size = (unsigned int)le32_to_cpu(*(u32 *)(ddf+0x08));
-		fek_buf = ddf + (unsigned int)le32_to_cpu(*(u32 *)(ddf+0x0C));
-
-		if ((key = decrypt_user_key_open(session, hash_size, hash_data))) {
-			if ((fek_size = decrypt_decrypt(key, fek_size, 
-						fek_buf))) {
+		hash_data = certificate + (unsigned int)
+				le32_to_cpu(*(u32 *)(certificate + 0x04));
+		fek_size = (unsigned int)le32_to_cpu(*(u32 *)(ddf + 0x08));
+		fek_buf = ddf + (unsigned int)le32_to_cpu(*(u32 *)(ddf + 0x0c));
+
+		if ((key = decrypt_user_key_open(session, hash_size,
+				hash_data))) {
+			if ((fek_size = decrypt_decrypt(key, fek_size,
+					fek_buf)))
 				return decrypt_make_key(session, fek_size,
 						fek_buf);
-			}
 			perror("error decrypting the FEK.");
 			decrypt_user_key_close(key);
 			decrypt_close(session);
@@ -349,8 +346,8 @@ static decrypt_key *get_fek (ntfs_inode 
 		} else
 			Eprintf("Could not open key.\n");
 
-		ddf = ddf + le32_to_cpu(*(u32 *)(ddf+0x08)) +
-				le32_to_cpu(*(u32 *)(ddf+0x0C));
+		ddf = ddf + le32_to_cpu(*(u32 *)(ddf + 0x08)) +
+				le32_to_cpu(*(u32 *)(ddf + 0x0c));
 	}
 
 	decrypt_close(session);
@@ -365,53 +362,52 @@ static decrypt_key *get_fek (ntfs_inode 
  * Return:  0  Success, the program worked
  *	    1  Error, something went wrong
  */
-int main (int argc, char *argv[])
+int main(int argc, char *argv[])
 {
 	ntfs_volume *vol;
 	ntfs_inode *inode;
 	decrypt_key *fek;
 	int result = 1;
 
-	if (!parse_options (argc, argv))
+	if (!parse_options(argc, argv))
 		return 1;
 
 	utils_set_locale();
 
 	//XXX quieten errors, temporarily
 
-	vol = utils_mount_volume (opts.device, MS_RDONLY, opts.force);
+	vol = utils_mount_volume(opts.device, MS_RDONLY, opts.force);
 	if (!vol) {
- 		perror("ERROR: couldn't mount volume");
+		perror("ERROR: couldn't mount volume");
 		return 1;
 	}
 
- 	if (opts.inode != -1)
- 		inode = ntfs_inode_open (vol, opts.inode);
- 	else
- 		inode = ntfs_pathname_to_inode (vol, NULL, opts.file);
+	if (opts.inode != -1)
+		inode = ntfs_inode_open(vol, opts.inode);
+	else
+		inode = ntfs_pathname_to_inode(vol, NULL, opts.file);
 
 	if (!inode) {
- 		perror("ERROR: Couldn't open inode");
+		perror("ERROR: Couldn't open inode");
 		return 1;
 	}
 
 	fek = get_fek(inode);
 	if (fek) {
-		result = cat_decrypt (inode, fek);
+		result = cat_decrypt(inode, fek);
 		decrypt_user_key_close(fek);
 	} else {
 		Eprintf("Could not obtain FEK.\n");
 		result = 1;
 	}
 
-	ntfs_inode_close (inode);
-	ntfs_umount (vol, FALSE);
+	ntfs_inode_close(inode);
+	ntfs_umount(vol, FALSE);
 #if 0
 	if (result)
-		Printf ("failed\n");
+		Printf("failed\n");
 	else
-		Printf ("success\n");
+		Printf("success\n");
 #endif
 	return result;
 }
-

Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- decrypt.c	27 Jul 2005 09:18:26 -0000	1.11
+++ decrypt.c	27 Jul 2005 10:30:57 -0000	1.12
@@ -1,11 +1,9 @@
 /*
- * decrypt.c - Part of the Linux-NTFS project.
+ * decrypt.c - $EFS decryption routined.  Part of the Linux-NTFS project.
  *
  * Copyright (c) 2005 Yuval Fledel
  * Copyright (c) 2005 Anton Altaparmakov
  *
- * $EFS decryption routines.
- *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
@@ -32,7 +30,6 @@
 #include "decrypt.h"
 
 #ifdef __CYGWIN__
-//#define USE_CRYPTOAPI_RSA 1
 #define _WIN32_WINNT 0x501
 #define WINVER 0x501
 
@@ -52,19 +49,19 @@
 #define CRYPT_ACQUIRE_CACHE_FLAG 1
 #endif
 
-/* windows 2k+ imports */
-typedef BOOL (WINAPI *LPFN_CryptAcquireCertificatePrivateKey) (PCCERT_CONTEXT,
-		DWORD, void *, HCRYPTPROV *, DWORD *, BOOL*);
-typedef BOOL (WINAPI *LPFN_CertCloseStore) (HCERTSTORE, DWORD);
-typedef PCCERT_CONTEXT (WINAPI *LPFN_CertFindCertificateInStore) (HCERTSTORE, 
-		DWORD, DWORD, DWORD, const void*, PCCERT_CONTEXT);
-typedef BOOL (WINAPI *LPFN_CertFreeCertificateContext) (PCCERT_CONTEXT);
-typedef HCERTSTORE (WINAPI *LPFN_CertOpenStore) (LPCSTR, DWORD, HCRYPTPROV, 
-		DWORD, const void*);
+/* Windows 2k+ imports. */
+typedef BOOL(WINAPI *LPFN_CryptAcquireCertificatePrivateKey)(PCCERT_CONTEXT,
+		DWORD, void *, HCRYPTPROV *, DWORD *, BOOL *);
+typedef BOOL(WINAPI *LPFN_CertCloseStore)(HCERTSTORE, DWORD);
+typedef PCCERT_CONTEXT(WINAPI *LPFN_CertFindCertificateInStore)(HCERTSTORE,
+		DWORD, DWORD, DWORD, const void *, PCCERT_CONTEXT);
+typedef BOOL(WINAPI *LPFN_CertFreeCertificateContext)(PCCERT_CONTEXT);
+typedef HCERTSTORE(WINAPI *LPFN_CertOpenStore)(LPCSTR, DWORD, HCRYPTPROV,
+		DWORD, const void *);
 
 // NT4SP3+ WINME or 95+ w/ IE5+
-static LPFN_CryptAcquireCertificatePrivateKey 
-	fnCryptAcquireCertificatePrivateKey; 
+static LPFN_CryptAcquireCertificatePrivateKey
+		fnCryptAcquireCertificatePrivateKey;
 // osr2+ NT4SP3+ or NT4 w/ IE3.02:
 static LPFN_CertCloseStore fnCertCloseStore;
 static LPFN_CertFindCertificateInStore fnCertFindCertificateInStore;
@@ -74,7 +71,7 @@ static LPFN_CertOpenStore fnCertOpenStor
 /* global variable: handle to crypt32.dll */
 static HMODULE hCrypt32 = INVALID_HANDLE_VALUE;
 
-#else /* defined(__CYGWIN__) */
+#else /* !defined(__CYGWIN__) */
 
 #include <malloc.h>
 #include <string.h>
@@ -84,7 +81,7 @@ static HMODULE hCrypt32 = INVALID_HANDLE
 #define CALG_DESX (0x6604)
 #define CALG_AES_256 (0x6610)
 
-#endif /* defined(__CYGWIN__) */
+#endif /* !defined(__CYGWIN__) */
 
 /* This must be after windows.h include. */
 #include "types.h"
@@ -92,25 +89,22 @@ static HMODULE hCrypt32 = INVALID_HANDLE
 typedef struct {
 #ifdef __CYGWIN__
 	HCERTSTORE hSystemStore;
-#else
-	int nothing; /* unused */
-#endif /* defined(__CYGWIN__) */
+#else /* !defined(__CYGWIN__) */
+	int nothing;		/* unused */
+#endif /* !defined(__CYGWIN__) */
 } DECRYPT_SESSION;
 
 typedef struct {
 	u64 desx_key[3];
 	u8 *key_data;
 	u32 alg_id;
-	gcry_cipher_hd_t gcry_cipher_hd; // handle to the decrypted FEK.
-	gcry_sexp_t sexp_key;  // the user's RSA key.
-#ifdef USE_CRYPTOAPI_RSA
-	HCRYPTKEY hCryptKey;
-#endif /* defined(__CYGWIN__) */
+	gcry_cipher_hd_t gcry_cipher_hd;
+	gcry_sexp_t sexp_key;	// the user's RSA key.
 } DECRYPT_KEY;
 
 /* DESX-MS128 implementation for libgcrypt. */
-static gcry_module_t	desx_module;
-static int		desx_algorithm_id = -1;
+static gcry_module_t desx_module;
+static int desx_algorithm_id = -1;
 
 typedef struct desx_ctx {
 	gcry_cipher_hd_t gcry_cipher_hd;
@@ -152,13 +146,13 @@ static void desx_key_expand(const u8 *sr
 	MD5_Update(&ctx2, salt2, salt_len);
 	MD5_Final(md, &ctx2);
 	memcpy(out_whitening, md, 8);
-	memcpy(in_whitening, md+8, 8);
+	memcpy(in_whitening, md + 8, 8);
 }
 
 static gcry_err_code_t do_desx_setkey(void *context, const u8 *key,
 		unsigned keylen)
 {
-	struct desx_ctx *ctx = (desx_ctx *)context;
+	struct desx_ctx *ctx = (desx_ctx*)context;
 	gcry_error_t err;
 	u8 des_key[8];
 
@@ -166,89 +160,73 @@ static gcry_err_code_t do_desx_setkey(vo
 		fprintf(stderr, "not 16\n");
 		return GPG_ERR_INV_KEYLEN;
 	}
-
 	if ((err = gcry_cipher_open(&ctx->gcry_cipher_hd, GCRY_CIPHER_DES,
-				GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR)
+			GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR)
 		return err;
-
-	if ((err = gcry_cipher_reset(ctx->gcry_cipher_hd))) {
+	if ((err = gcry_cipher_reset(ctx->gcry_cipher_hd)))
 		fprintf(stderr, "err is %u.\n", err);
-	}
-
 	desx_key_expand(key, ctx->in_whitening, ctx->out_whitening, des_key);
-
-/*
+#if 0
 	fprintf(stderr, "expanded keys (hex) =\n\t0x%llx (des)\n\t"
 			"0x%llx (in-whitening)\n\t"
 			"0x%llx (out-whitening)\n", *(u64*)des_key,
 			*(u64*)ctx->in_whitening, *(u64*)ctx->out_whitening);
-*/
-
+#endif
 	if ((err = gcry_cipher_setkey(ctx->gcry_cipher_hd, des_key, 8))) {
 		fprintf(stderr, "do_desx_setkey: error %u.\n", err);
 		// TODO: destroy gcry_cipher_hd
 	}
-
 	return GPG_ERR_NO_ERROR;
 }
 
 static void do_desx_decrypt(void *context, u8 *outbuf, const u8 *inbuf)
 {
-	struct desx_ctx *ctx = (desx_ctx *)context;
+	struct desx_ctx *ctx = (desx_ctx*)context;
 	gcry_error_t err;
 	u8 buf[8];
 
-	*((unsigned long long *)buf) = *((const unsigned long long *)inbuf)
-			^ *(const unsigned long long *)ctx->out_whitening;
-
-	if ((err = gcry_cipher_encrypt(ctx->gcry_cipher_hd,
-				outbuf, 8, buf, 8))) {
+	*((u64*)buf) = *((const u64*)inbuf) ^ *(const u64*)ctx->out_whitening;
+	if ((err = gcry_cipher_encrypt(ctx->gcry_cipher_hd, outbuf, 8, buf, 8)))
 		fprintf(stderr, "desx decryption failed: %u.\n", err);
-	}
-
-	*((unsigned long long *)outbuf) ^= *(const unsigned long long *)
-				ctx->in_whitening;
+	*((u64*)outbuf) ^= *(const u64*)ctx->in_whitening;
 }
 
 static gcry_cipher_spec_t cipher = {
 	.name = "DES-X-MS128",
 	.blocksize = 8,
 	.keylen = 128,
-	.contextsize = sizeof (struct desx_ctx),
+	.contextsize = sizeof(struct desx_ctx),
 	.setkey = do_desx_setkey,
 	.decrypt = do_desx_decrypt,
 };
 
 #ifdef __CYGWIN__
-
 static int cryptoAPI_init_imports(void)
 {
 	if (hCrypt32 == INVALID_HANDLE_VALUE)
 		hCrypt32 = LoadLibrary("crypt32.dll");
-
 	if (!fnCryptAcquireCertificatePrivateKey)
-		fnCryptAcquireCertificatePrivateKey = 
-			(LPFN_CryptAcquireCertificatePrivateKey)
-			GetProcAddress(hCrypt32,
-			"CryptAcquireCertificatePrivateKey");
+		fnCryptAcquireCertificatePrivateKey =
+				(LPFN_CryptAcquireCertificatePrivateKey)
+				GetProcAddress(hCrypt32,
+				"CryptAcquireCertificatePrivateKey");
 	if (!fnCertCloseStore)
 		fnCertCloseStore = (LPFN_CertCloseStore)
-			GetProcAddress(hCrypt32, "CertCloseStore");
+				GetProcAddress(hCrypt32, "CertCloseStore");
 	if (!fnCertFindCertificateInStore)
-		fnCertFindCertificateInStore = 
-			(LPFN_CertFindCertificateInStore)
-			GetProcAddress(hCrypt32, "CertFindCertificateInStore");
+		fnCertFindCertificateInStore = (LPFN_CertFindCertificateInStore)
+				GetProcAddress(hCrypt32,
+				"CertFindCertificateInStore");
 	if (!fnCertFreeCertificateContext)
-		fnCertFreeCertificateContext = 
-			(LPFN_CertFreeCertificateContext)
-			GetProcAddress(hCrypt32, "CertFreeCertificateContext");
+		fnCertFreeCertificateContext = (LPFN_CertFreeCertificateContext)
+				GetProcAddress(hCrypt32,
+				"CertFreeCertificateContext");
 	if (!fnCertOpenStore)
-		fnCertOpenStore = (LPFN_CertOpenStore)
-			GetProcAddress(hCrypt32, "CertOpenStore");
-
+		fnCertOpenStore = (LPFN_CertOpenStore)GetProcAddress(hCrypt32,
+				"CertOpenStore");
 	return fnCryptAcquireCertificatePrivateKey && fnCertCloseStore &&
-		fnCertFindCertificateInStore &&
-		fnCertFreeCertificateContext && fnCertOpenStore;
+		fnCertFindCertificateInStore && fnCertFreeCertificateContext &&
+		fnCertOpenStore;
 }
 #endif /* defined(__CYGWIN__) */
 
@@ -256,14 +234,17 @@ static int cryptoAPI_init_imports(void)
 
 #ifdef DO_CRYPTO_TESTS
 /* Do not remove this test code from this file! AIA */
-static BOOL desx_key_expand_test(void) {
+static BOOL desx_key_expand_test(void)
+{
 	const u8 known_desx_on_disk_key[16] = {
-			0xa1, 0xf9, 0xe0, 0xb2, 0x53, 0x23, 0x9e, 0x8f,
-			0x0f, 0x91, 0x45, 0xd9, 0x8e, 0x20, 0xec, 0x30 };
+		0xa1, 0xf9, 0xe0, 0xb2, 0x53, 0x23, 0x9e, 0x8f,
+		0x0f, 0x91, 0x45, 0xd9, 0x8e, 0x20, 0xec, 0x30
+	};
 	const u8 known_desx_expanded_key[24] = {
-			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f,
-			0xed, 0xda, 0x4c, 0x47, 0x60, 0x49, 0xdb, 0x8d,
-			0x75, 0xf6, 0xa0, 0x1a, 0xc0, 0xca, 0x28, 0x1e };
+		0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f,
+		0xed, 0xda, 0x4c, 0x47, 0x60, 0x49, 0xdb, 0x8d,
+		0x75, 0xf6, 0xa0, 0x1a, 0xc0, 0xca, 0x28, 0x1e
+	};
 	u8 test_desx_expanded_key[24];
 	int res;
 
@@ -271,17 +252,21 @@ static BOOL desx_key_expand_test(void) {
 	res = !memcmp(test_desx_expanded_key, known_desx_expanded_key,
 			sizeof(known_desx_expanded_key));
 	fprintf(stderr, "Testing whether desx_key_expand() works: %s\n",
-		res ? "SUCCESS" : "FAILED");
+			res ? "SUCCESS" : "FAILED");
 	return res;
 }
 
-static BOOL des_test(void) {
+static BOOL des_test(void)
+{
 	const u8 known_des_key[8] = {
-			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f };
+		0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f
+	};
 	const u8 known_des_encrypted_data[8] = {
-			0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f };
+		0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f
+	};
 	const u8 known_decrypted_data[8] = {
-			0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09 };
+		0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09
+	};
 	u8 test_decrypted_data[8];
 	int res;
 	gcry_error_t gcry_error2;
@@ -293,8 +278,8 @@ static BOOL des_test(void) {
 				"%u).\n", gcry_error2);
 		return FALSE;
 	}
-	if ((gcry_error2 = gcry_cipher_setkey(gcry_cipher_hd,
-			known_des_key, sizeof(known_des_key)))) {
+	if ((gcry_error2 = gcry_cipher_setkey(gcry_cipher_hd, known_des_key,
+			sizeof(known_des_key)))) {
 		fprintf(stderr, "Failed to set des key (gcry_error2 is %u).\n",
 				gcry_error2);
 		gcry_cipher_close(gcry_cipher_hd);
@@ -302,10 +287,11 @@ static BOOL des_test(void) {
 	}
 	memcpy(test_decrypted_data, known_des_encrypted_data,
 			sizeof(known_des_encrypted_data));
-	/* Apply DES decyption. */
-	gcry_error2 = gcry_cipher_decrypt(gcry_cipher_hd,
-			test_decrypted_data, sizeof(test_decrypted_data),
-			NULL, 0);
+	/*
+	 * Apply DES decyption (ntfs actually uses encryption when decrypting).
+	 */
+	gcry_error2 = gcry_cipher_encrypt(gcry_cipher_hd, test_decrypted_data,
+			sizeof(test_decrypted_data), NULL, 0);
 	gcry_cipher_close(gcry_cipher_hd);
 	if (gcry_error2) {
 		fprintf(stderr, "Failed to des decrypt test data (gcry_error2 "
@@ -315,27 +301,30 @@ static BOOL des_test(void) {
 	res = !memcmp(test_decrypted_data, known_decrypted_data,
 			sizeof(known_decrypted_data));
 	fprintf(stderr, "Testing whether des decryption works: %s\n",
-		res ? "SUCCESS" : "FAILED");
+			res ? "SUCCESS" : "FAILED");
 	return res;
 }
 
-#else
+#else /* !defined(DO_CRYPTO_TESTS) */
 
-static inline BOOL desx_key_expand_test(void) {
+static inline BOOL desx_key_expand_test(void)
+{
 	return TRUE;
 }
 
-static inline BOOL des_test(void) {
+static inline BOOL des_test(void)
+{
 	return TRUE;
 }
 
-#endif
+#endif /* !defined(DO_CRYPTO_TESTS) */
 
-decrypt_session *decrypt_open(void) {
+decrypt_session *decrypt_open(void)
+{
 	decrypt_session *session;
 
 	/* TODO: refcount 'module' */
-	if (desx_algorithm_id==-1) {
+	if (desx_algorithm_id == -1) {
 		if (!desx_key_expand_test())
 			return NULL;
 		if (!des_test())
@@ -344,7 +333,6 @@ decrypt_session *decrypt_open(void) {
 				&desx_module))
 			return NULL;
 	}
-
 	//fprintf(stderr, "desx_algorithm_id: %d\n", desx_algorithm_id);
 
 	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
@@ -358,49 +346,50 @@ decrypt_session *decrypt_open(void) {
 		return NULL;
 	}
 
-	if (!(hSystemStore = fnCertOpenStore(((LPCSTR)CERT_STORE_PROV_SYSTEM),
-			0, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER,
+	if (!(hSystemStore = fnCertOpenStore(((LPCSTR) CERT_STORE_PROV_SYSTEM),
+			0, (HCRYPTPROV) NULL, CERT_SYSTEM_STORE_CURRENT_USER,
 			L"MY"))) {
 		fprintf(stderr, "Could not open system store.\n");
 		errno = -1;
 		return NULL;
 	}
 #endif /* defined(__CYGWIN__) */
-
-	session = (decrypt_session *)malloc(sizeof(DECRYPT_SESSION));
+	session = (decrypt_session*)malloc(sizeof(DECRYPT_SESSION));
 #ifdef __CYGWIN__
 	((DECRYPT_SESSION *)session)->hSystemStore = hSystemStore;
 #endif /* defined(__CYGWIN__) */
 	return session;
 }
 
-void decrypt_close(decrypt_session *session) {
+void decrypt_close(decrypt_session *session)
+{
 #ifdef __CYGWIN__
-	if (((DECRYPT_SESSION *)session)->hSystemStore)
-		fnCertCloseStore(((DECRYPT_SESSION *)session)->hSystemStore,
-					CERT_CLOSE_STORE_CHECK_FLAG);
+	if (((DECRYPT_SESSION*)session)->hSystemStore)
+		fnCertCloseStore(((DECRYPT_SESSION*)session)->hSystemStore,
+				CERT_CLOSE_STORE_CHECK_FLAG);
 	/* fixme: racy */
 	FreeLibrary(hCrypt32);
 	hCrypt32 = INVALID_HANDLE_VALUE;
 #endif /* defined(__CYGWIN__) */
-
 	free(session);
 }
 
-static inline void reverse_buffer(unsigned char *buf, unsigned int buf_size) {
-    unsigned char t;
-    unsigned int i;
-
-    for (i=0; i<buf_size/2; i++) {
-        t = buf[i];
-        buf[i] = buf[buf_size-i-1];
-        buf[buf_size-i-1] = t;
-    }
+static inline void reverse_buffer(unsigned char *buf, unsigned int buf_size)
+{
+	unsigned char t;
+	unsigned int i;
+
+	for (i = 0; i < buf_size / 2; i++) {
+		t = buf[i];
+		buf[i] = buf[buf_size - i - 1];
+		buf[buf_size - i - 1] = t;
+	}
 }
 
-decrypt_key *decrypt_user_key_open(decrypt_session *session
-			__attribute__((unused)),
-			int thumb_size, void *thumb_print) {
+decrypt_key *decrypt_user_key_open(
+		decrypt_session *session __attribute__ ((unused)),
+		int thumb_size, void *thumb_print)
+{
 #ifdef __CYGWIN__
 	CRYPT_HASH_BLOB hash_blob;
 	HCRYPTPROV hCryptProv;
@@ -411,116 +400,92 @@ decrypt_key *decrypt_user_key_open(decry
 	DWORD dwKeySpec;
 	DWORD key_size;
 	BYTE key_blob[1000];
+	RSAPUBKEY *rsa_pub_key;
+	gcry_ac_handle_t gcry_handle;
+	unsigned char *mpi_data;
+	gcry_mpi_t n, e, d, p, q, u;
+	gcry_sexp_t sexp_key;
+	gcry_error_t err;
+	size_t size;
+	int rc;
 
 	hash_blob.cbData = thumb_size;
 	hash_blob.pbData = thumb_print;
 
 	if (!(pCert = fnCertFindCertificateInStore(
-				((DECRYPT_SESSION *)session)->hSystemStore,
-				(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING),
-				0, CERT_FIND_HASH, &hash_blob, NULL))) {
+			((DECRYPT_SESSION*)session)->hSystemStore,
+			(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING), 0,
+			CERT_FIND_HASH, &hash_blob, NULL))) {
 		fprintf(stderr, "Could not find cert in store.\n");
 		goto decrypt_key_open_err;
 	}
-
 	dwKeySpec = AT_KEYEXCHANGE;
 	if (!fnCryptAcquireCertificatePrivateKey(pCert,
-				CRYPT_ACQUIRE_CACHE_FLAG, NULL,
-				&hCryptProv, &dwKeySpec,
-				&fCallerFreeProv)) {
+			CRYPT_ACQUIRE_CACHE_FLAG, NULL, &hCryptProv,
+			&dwKeySpec, &fCallerFreeProv)) {
 		fprintf(stderr, "Could not aquire private key from cert.\n");
 		goto decrypt_key_open_err;
 	}
-
 	if (!CryptGetUserKey(hCryptProv, AT_KEYEXCHANGE, &hCryptKey)) {
 		fprintf(stderr, "Could not aquire user key.\n");
 		goto decrypt_key_open_err;
 	}
-
 	key_size = sizeof(key_blob);
-	if (!CryptExportKey(hCryptKey, 0, PRIVATEKEYBLOB, 0, key_blob, &key_size)) {
+	if (!CryptExportKey(hCryptKey, 0, PRIVATEKEYBLOB, 0, key_blob,
+			&key_size)) {
 		fprintf(stderr, "Could not export key: Error 0x%x\n",
-					(unsigned int)GetLastError());
+				(unsigned int)GetLastError());
 		errno = -1;
 		return NULL;
 	}
-
-	if (!(key = (decrypt_key *)malloc(sizeof(DECRYPT_KEY))))
+	if (!(key = (decrypt_key*)malloc(sizeof(DECRYPT_KEY))))
 		goto decrypt_key_open_err;
-
-#ifdef USE_CRYPTOAPI_RSA
-	((DECRYPT_KEY *)key)->hCryptKey = hCryptKey;
-#else
-	RSAPUBKEY *rsa_pub_key = (RSAPUBKEY *)(key_blob + sizeof(PUBLICKEYSTRUC));
-	gcry_ac_handle_t gcry_handle;
-	unsigned char *mpi_data;
-	gcry_mpi_t n,e,d,p,q,u;
-	gcry_sexp_t sexp_key;
-	gcry_error_t err;
-	size_t size;
-	int rc;
-
 	CryptDestroyKey(hCryptKey);
-
+	rsa_pub_key = (RSAPUBKEY*)(key_blob + sizeof(PUBLICKEYSTRUC));
 	if ((err = gcry_ac_open(&gcry_handle, GCRY_AC_RSA, 0))) {
 		fprintf(stderr, "Could not init gcrypt handle\n");
 		errno = -1;
 		return NULL;
 	}
-
 	e = gcry_mpi_set_ui(NULL, rsa_pub_key->pubexp);
-
 	mpi_data = (key_blob + 0x14);
 	size = rsa_pub_key->bitlen / 8;
 	reverse_buffer(mpi_data, size);
-	if ((rc = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, mpi_data, size, &size))) {
+	if ((rc = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, mpi_data, size, &size)))
 		fprintf(stderr, "error scanning n.\n");
-	}
-
 	mpi_data += (rsa_pub_key->bitlen / 8);
 	size = rsa_pub_key->bitlen / 16;
 	reverse_buffer(mpi_data, size);
-	if ((rc = gcry_mpi_scan(&q, GCRYMPI_FMT_USG, mpi_data, size, &size))) {
+	if ((rc = gcry_mpi_scan(&q, GCRYMPI_FMT_USG, mpi_data, size, &size)))
 		fprintf(stderr, "error scanning p.\n");
-	}
-
 	mpi_data += (rsa_pub_key->bitlen / 16);
 	size = rsa_pub_key->bitlen / 16;
 	reverse_buffer(mpi_data, size);
-	if ((rc = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, mpi_data, size, &size))) {
+	if ((rc = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, mpi_data, size, &size)))
 		fprintf(stderr, "error scanning q.\n");
-	}
-
-	mpi_data += (rsa_pub_key->bitlen / 16)*3;
+	mpi_data += (rsa_pub_key->bitlen / 16) * 3;
 	size = rsa_pub_key->bitlen / 16;
 	reverse_buffer(mpi_data, size);
-	if ((rc = gcry_mpi_scan(&u, GCRYMPI_FMT_USG, mpi_data, size, &size))) {
+	if ((rc = gcry_mpi_scan(&u, GCRYMPI_FMT_USG, mpi_data, size, &size)))
 		fprintf(stderr, "error scanning u.\n");
-	}
 
 	mpi_data += (rsa_pub_key->bitlen / 16);
 	size = rsa_pub_key->bitlen / 8;
 	reverse_buffer(mpi_data, size);
-	if ((rc = gcry_mpi_scan(&d, GCRYMPI_FMT_USG, mpi_data, size, &size))) {
+	if ((rc = gcry_mpi_scan(&d, GCRYMPI_FMT_USG, mpi_data, size, &size)))
 		fprintf(stderr, "error scanning d.\n");
-	}
-
-	if ((rc = gcry_sexp_build(&sexp_key, NULL,
-			"(private-key (rsa (n %m) (e %m) (d %m) (p %m) (q %m) (u %m)))",
-			n, e, d, p, q, u))) {
-		fprintf(stderr, "Could build sexp from data, (error = 0x%x)\n", rc);
+	if ((rc = gcry_sexp_build(&sexp_key, NULL, "(private-key (rsa (n %m) "
+			"(e %m) (d %m) (p %m) (q %m) (u %m)))", n, e, d, p, q,
+			u))) {
+		fprintf(stderr, "Could build sexp from data, (error = 0x%x)\n",
+				rc);
 		errno = -1;
 		return FALSE;
 	}
-
-	((DECRYPT_KEY *)key)->sexp_key = sexp_key;
-
+	((DECRYPT_KEY*)key)->sexp_key = sexp_key;
 	// todo: release all
-#endif
 	return key;
-
-decrypt_key_open_err:
-
+decrypt_key_open_err: 
 	if (hCryptKey)
 		CryptDestroyKey(hCryptKey);
 	if (pCert)
@@ -530,11 +495,11 @@ decrypt_key_open_err:
 	return NULL;
 }
 
-void decrypt_user_key_close(decrypt_key *key) {
-	DECRYPT_KEY *dkey = (DECRYPT_KEY *)key;
+void decrypt_user_key_close(decrypt_key *key)
+{
+	DECRYPT_KEY *dkey = (DECRYPT_KEY*)key;
 	if (dkey->gcry_cipher_hd)
 		gcry_cipher_close(dkey->gcry_cipher_hd);
-
 	free(key);
 }
 
@@ -543,20 +508,9 @@ void decrypt_user_key_close(decrypt_key 
  *
  * warning: decrypting into the input buffer!
  */
-unsigned int decrypt_decrypt(decrypt_key *key, unsigned int data_size, 
-					unsigned char *data)
+unsigned int decrypt_decrypt(decrypt_key *key, unsigned int data_size,
+		unsigned char *data)
 {
-#ifdef USE_CRYPTOAPI_RSA
-	DWORD size = data_size;
-
-	if (!CryptDecrypt(((DECRYPT_KEY *)key)->hCryptKey, 0, 
-				TRUE, 0, data, &size)) {
-		errno = -1;
-		return 0;
-	}
-
-	return size;
-#else
 	gcry_sexp_t sexp_plain_data, sexp_enc_data;
 	gcry_ac_handle_t gcry_handle;
 	gcry_mpi_t mpi_buf;
@@ -570,79 +524,74 @@ unsigned int decrypt_decrypt(decrypt_key
 		errno = -1;
 		return FALSE;
 	}
-
-	if ((rc = gcry_ac_data_new(&in))) {
+	if ((rc = gcry_ac_data_new(&in)))
 		fprintf(stderr, "error allocating 'in'.\n");
-	}
 
 	reverse_buffer(data, data_size);
 
 	size = data_size;
-	if ((rc = gcry_mpi_scan(&mpi_buf, GCRYMPI_FMT_USG, data, (size_t)data_size, &size))) {
+	if ((rc = gcry_mpi_scan(&mpi_buf, GCRYMPI_FMT_USG, data,
+			(size_t)data_size, &size)))
 		fprintf(stderr, "error scanning 'in'.\n");
-	}
-
-	if ((rc = gcry_sexp_build(&sexp_enc_data, &size, "(enc-val (flags) (rsa (a %m)))", mpi_buf))) {
-		fprintf(stderr, "Could build sexp from data, (error = 0x%x)\n", rc);
+	if ((rc = gcry_sexp_build(&sexp_enc_data, &size, "(enc-val (flags) "
+			"(rsa (a %m)))", mpi_buf))) {
+		fprintf(stderr, "Could build sexp from data, (error = 0x%x)\n",
+				rc);
 		errno = -1;
 		return FALSE;
 	}
-
-	if ((rc = gcry_pk_decrypt(&sexp_plain_data, sexp_enc_data, ((DECRYPT_KEY *)key)->sexp_key))) {
-		fprintf(stderr, "Could not decrypt fek via s-exp, (error = 0x%x)\n", rc);
+	if ((rc = gcry_pk_decrypt(&sexp_plain_data, sexp_enc_data,
+			((DECRYPT_KEY*)key)->sexp_key))) {
+		fprintf(stderr, "Could not decrypt fek via s-exp, (error = "
+				"0x%x)\n", rc);
 		errno = -1;
 		return FALSE;
 	}
-
 	sexp_plain_data = gcry_sexp_find_token(sexp_plain_data, "value", 0);
 	if (!mpi_buf) {
-		fprintf(stderr, "Could find value in s-exp, (error = 0x%x)\n", rc);
+		fprintf(stderr, "Could find value in s-exp, (error = 0x%x)\n",
+				rc);
 		errno = -1;
 		return FALSE;
 	}
-
 	mpi_buf = gcry_sexp_nth_mpi(sexp_plain_data, 1, GCRYMPI_FMT_USG);
 
-	if ((rc = gcry_mpi_print(GCRYMPI_FMT_USG, data, data_size, &size, mpi_buf))) {
-		fprintf(stderr, "Could copy decrypted data back, (error = 0x%x)\n", rc);
+	if ((rc = gcry_mpi_print(GCRYMPI_FMT_USG, data, data_size, &size,
+			mpi_buf))) {
+		fprintf(stderr, "Could copy decrypted data back, (error = "
+				"0x%x)\n", rc);
 		errno = -1;
 		return FALSE;
 	}
-
 	// remove the pkcs1 padding
-	for (padding_length = 1;(padding_length<size) && data[padding_length];
-		padding_length++);
+	for (padding_length = 1; (padding_length < size) &&
+			data[padding_length]; padding_length++)
+		;
 	padding_length++;
-	for (i = 0;i+padding_length<size;i++) // todo: should memcpy fit? (overlapping)
-		data[i]=data[padding_length+i];
-
+	// todo: should memcpy fit? (overlapping)
+	for (i = 0; i + padding_length < size; i++)
+		data[i] = data[padding_length + i];
 	// todo: mpi_buf->data
 	// todo: release all
 	gcry_ac_data_destroy(in);
-
 	return size - padding_length;
-#endif // USER_CRYPTOAPI_RSA (else)
 }
 
 unsigned int decrypt_decrypt_sector(decrypt_key *key, void *data,
-			unsigned long long offset) {
+		unsigned long long offset)
+{
 	gcry_error_t err;
-	DECRYPT_KEY *dkey = (DECRYPT_KEY *)key;
+	DECRYPT_KEY *dkey = (DECRYPT_KEY*)key;
 
-	if ((err = gcry_cipher_reset(dkey->gcry_cipher_hd))) {
+	if ((err = gcry_cipher_reset(dkey->gcry_cipher_hd)))
 		fprintf(stderr, "sector_decrypt: error is %u.\n", err);
-	}
-
 	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
 	// doing it by hand after the decryption?
 	// It wants iv length 8 but we give it 16 for AES256 so it does not
 	// like it...
-
-	if ((err = gcry_cipher_decrypt(dkey->gcry_cipher_hd,
-				data, 512, NULL, 0))) {
+	if ((err = gcry_cipher_decrypt(dkey->gcry_cipher_hd, data, 512, NULL,
+			0)))
 		fprintf(stderr, "sector_decrypt: error is %u.\n", err);
-	}
-
 	/* Apply the IV. */
 	if (dkey->alg_id == CALG_AES_256) {
 		((u64*)data)[0] ^= 0x5816657be9161312LL + offset;
@@ -654,39 +603,41 @@ unsigned int decrypt_decrypt_sector(decr
 	return 512;
 }
 
-decrypt_key *decrypt_make_key(decrypt_session *session __attribute__((unused)), 
-		unsigned int data_size __attribute__((unused)),
-		unsigned char *data) {
+decrypt_key *decrypt_make_key(decrypt_session *session __attribute__ ((unused)),
+		unsigned int data_size __attribute__ ((unused)),
+		unsigned char *data)
+{
 	DECRYPT_KEY *key;
 	unsigned int key_size, gcry_algo;
 	gcry_error_t err;
 
 	key_size = *(u32*)data;
 
-	if (!(key = (DECRYPT_KEY *)malloc(sizeof(DECRYPT_KEY)))) {
+	if (!(key = (DECRYPT_KEY*)malloc(sizeof(DECRYPT_KEY)))) {
 		errno = -1;
 		return NULL;
 	}
-
 	key_size = *(u32*)data;
 	key->alg_id = *(u32*)(data + 8);
 	key->key_data = data + 16;
 
 	switch (key->alg_id) {
 	case CALG_DESX:
-		fprintf(stderr, "DESX key of %u bytes\n", key_size);
+		//fprintf(stderr, "DESX key of %u bytes\n", key_size);
 		gcry_algo = desx_algorithm_id;
 		break;
 	case CALG_3DES:
-		fprintf(stderr, "3DES Key of %u bytes\n", key_size);
-		gcry_algo = GCRY_CIPHER_3DES; 
+		//fprintf(stderr, "3DES Key of %u bytes\n", key_size);
+		gcry_algo = GCRY_CIPHER_3DES;
 		break;
 	case CALG_AES_256:
-		fprintf(stderr, "AES Key of %u bytes\n", key_size);
+		//fprintf(stderr, "AES Key of %u bytes\n", key_size);
 		gcry_algo = GCRY_CIPHER_AES256;
 		break;
 	default:
 		fprintf(stderr, "DES key of %u bytes\n", key_size);
+		fprintf(stderr, "This probably will not work...  "
+				"It is completely untested.\n");
 		gcry_algo = GCRY_CIPHER_DES;
 		break;
 	}
@@ -697,8 +648,7 @@ decrypt_key *decrypt_make_key(decrypt_se
 		return 0;
 	}
 	if ((err = gcry_cipher_setkey(key->gcry_cipher_hd, key->key_data,
-							key_size))) {
+			key_size)))
 		fprintf(stderr, "gcry_cipher_setkey failed with 0x%x.\n", err);
-	}
-	return (decrypt_key *)key;
+	return (decrypt_key*)key;
 }

Index: decrypt.h
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- decrypt.h	24 Jul 2005 14:42:43 -0000	1.2
+++ decrypt.h	27 Jul 2005 10:30:57 -0000	1.3
@@ -27,16 +27,16 @@ typedef void *decrypt_session;
 typedef void *decrypt_key;
 
 extern decrypt_session *decrypt_open(void);
-extern void decrypt_close(decrypt_session *session);
-extern decrypt_key *decrypt_user_key_open(decrypt_session *session, 
-			int thumb_size, void *thumb_print);
-extern void decrypt_user_key_close(decrypt_key *key);
-extern unsigned int decrypt_decrypt(decrypt_key *key, unsigned int data_size, 
-					unsigned char *data);
-extern unsigned int decrypt_decrypt_sector(decrypt_key *key, void *data,
-			unsigned long long offset);
-extern decrypt_key *decrypt_make_key(decrypt_session *session,
-			unsigned int data_size, unsigned char *data);
-extern int decrypt_get_block_size(decrypt_key *key);
+extern void decrypt_close(decrypt_session * session);
+extern decrypt_key *decrypt_user_key_open(decrypt_session * session,
+		int thumb_size, void *thumb_print);
+extern void decrypt_user_key_close(decrypt_key * key);
+extern unsigned int decrypt_decrypt(decrypt_key * key, unsigned int data_size,
+		unsigned char *data);
+extern unsigned int decrypt_decrypt_sector(decrypt_key * key, void *data,
+		unsigned long long offset);
+extern decrypt_key *decrypt_make_key(decrypt_session * session,
+		unsigned int data_size, unsigned char *data);
+extern int decrypt_get_block_size(decrypt_key * key);
 
 #endif /* defined _NTFS_DECRYPT_H */

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.10,1.11

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24187

Modified Files:
	decrypt.c 
Log Message:
decrypt.c:
- Finally working desx decryption thanks to Yuval figuring out that ntfs uses
  des encryption when decrypting!!!  (Yuval)
- Make it compile on Linux.  (Anton)
- Add CALG_DES constant for Linux.  (Anton)


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -r1.10 -r1.11
--- decrypt.c	26 Jul 2005 16:35:00 -0000	1.10
+++ decrypt.c	27 Jul 2005 09:18:26 -0000	1.11
@@ -2,6 +2,7 @@
  * decrypt.c - Part of the Linux-NTFS project.
  *
  * Copyright (c) 2005 Yuval Fledel
+ * Copyright (c) 2005 Anton Altaparmakov
  *
  * $EFS decryption routines.
  *
@@ -77,7 +78,8 @@ static HMODULE hCrypt32 = INVALID_HANDLE
 
 #include <malloc.h>
 #include <string.h>
-/* If not one of the below three, use standard Des. */
+#define CALG_DES (0x6601)
+/* If not one of the below three, fall back to standard Des. */
 #define CALG_3DES (0x6603)
 #define CALG_DESX (0x6604)
 #define CALG_AES_256 (0x6610)
@@ -106,6 +108,117 @@ typedef struct {
 #endif /* defined(__CYGWIN__) */
 } DECRYPT_KEY;
 
+/* DESX-MS128 implementation for libgcrypt. */
+static gcry_module_t	desx_module;
+static int		desx_algorithm_id = -1;
+
+typedef struct desx_ctx {
+	gcry_cipher_hd_t gcry_cipher_hd;
+	u8 in_whitening[8], out_whitening[8];
+} desx_ctx;
+
+/**
+ * desx_key_expand - expand a 128-bit desx key to the needed 192-bit key
+ * @src:	source buffer containing 128-bit key
+ * @dst:	destination buffer to write 192-bit key to
+ *
+ * Expands the on-disk 128-bit desx key to the needed full 192-bit desx key
+ * required to perform desx {de,en}cryption.
+ *
+ * FIXME: Is this endianness safe?  I think so but I may be wrong...
+ */
+static void desx_key_expand(const u8 *src, u8 *in_whitening, u8 *out_whitening,
+		u8 *des_key)
+{
+	static const int salt_len = 12;
+	static const u8 *salt1 = "Dan Simon  ";
+	static const u8 *salt2 = "Scott Field";
+	u8 md[16];
+	MD5_CTX ctx1, ctx2;
+
+	MD5_Init(&ctx1);
+
+	/* Hash the on-disk key. */
+	MD5_Update(&ctx1, src, 128 / 8);
+	memcpy(&ctx2, &ctx1, sizeof(ctx1));
+
+	/* Hash with the first salt and store the result. */
+	MD5_Update(&ctx1, salt1, salt_len);
+	MD5_Final(md, &ctx1);
+	((u32*)des_key)[0] = ((u32*)md)[0] ^ ((u32*)md)[1];
+	((u32*)des_key)[1] = ((u32*)md)[2] ^ ((u32*)md)[3];
+
+	/* Hash with the second salt and store the result. */
+	MD5_Update(&ctx2, salt2, salt_len);
+	MD5_Final(md, &ctx2);
+	memcpy(out_whitening, md, 8);
+	memcpy(in_whitening, md+8, 8);
+}
+
+static gcry_err_code_t do_desx_setkey(void *context, const u8 *key,
+		unsigned keylen)
+{
+	struct desx_ctx *ctx = (desx_ctx *)context;
+	gcry_error_t err;
+	u8 des_key[8];
+
+	if (keylen != 16) {
+		fprintf(stderr, "not 16\n");
+		return GPG_ERR_INV_KEYLEN;
+	}
+
+	if ((err = gcry_cipher_open(&ctx->gcry_cipher_hd, GCRY_CIPHER_DES,
+				GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR)
+		return err;
+
+	if ((err = gcry_cipher_reset(ctx->gcry_cipher_hd))) {
+		fprintf(stderr, "err is %u.\n", err);
+	}
+
+	desx_key_expand(key, ctx->in_whitening, ctx->out_whitening, des_key);
+
+/*
+	fprintf(stderr, "expanded keys (hex) =\n\t0x%llx (des)\n\t"
+			"0x%llx (in-whitening)\n\t"
+			"0x%llx (out-whitening)\n", *(u64*)des_key,
+			*(u64*)ctx->in_whitening, *(u64*)ctx->out_whitening);
+*/
+
+	if ((err = gcry_cipher_setkey(ctx->gcry_cipher_hd, des_key, 8))) {
+		fprintf(stderr, "do_desx_setkey: error %u.\n", err);
+		// TODO: destroy gcry_cipher_hd
+	}
+
+	return GPG_ERR_NO_ERROR;
+}
+
+static void do_desx_decrypt(void *context, u8 *outbuf, const u8 *inbuf)
+{
+	struct desx_ctx *ctx = (desx_ctx *)context;
+	gcry_error_t err;
+	u8 buf[8];
+
+	*((unsigned long long *)buf) = *((const unsigned long long *)inbuf)
+			^ *(const unsigned long long *)ctx->out_whitening;
+
+	if ((err = gcry_cipher_encrypt(ctx->gcry_cipher_hd,
+				outbuf, 8, buf, 8))) {
+		fprintf(stderr, "desx decryption failed: %u.\n", err);
+	}
+
+	*((unsigned long long *)outbuf) ^= *(const unsigned long long *)
+				ctx->in_whitening;
+}
+
+static gcry_cipher_spec_t cipher = {
+	.name = "DES-X-MS128",
+	.blocksize = 8,
+	.keylen = 128,
+	.contextsize = sizeof (struct desx_ctx),
+	.setkey = do_desx_setkey,
+	.decrypt = do_desx_decrypt,
+};
+
 #ifdef __CYGWIN__
 
 static int cryptoAPI_init_imports(void)
@@ -139,9 +252,101 @@ static int cryptoAPI_init_imports(void)
 }
 #endif /* defined(__CYGWIN__) */
 
+//#define DO_CRYPTO_TESTS 1
+
+#ifdef DO_CRYPTO_TESTS
+/* Do not remove this test code from this file! AIA */
+static BOOL desx_key_expand_test(void) {
+	const u8 known_desx_on_disk_key[16] = {
+			0xa1, 0xf9, 0xe0, 0xb2, 0x53, 0x23, 0x9e, 0x8f,
+			0x0f, 0x91, 0x45, 0xd9, 0x8e, 0x20, 0xec, 0x30 };
+	const u8 known_desx_expanded_key[24] = {
+			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f,
+			0xed, 0xda, 0x4c, 0x47, 0x60, 0x49, 0xdb, 0x8d,
+			0x75, 0xf6, 0xa0, 0x1a, 0xc0, 0xca, 0x28, 0x1e };
+	u8 test_desx_expanded_key[24];
+	int res;
+
+	desx_key_expand(known_desx_on_disk_key, test_desx_expanded_key);
+	res = !memcmp(test_desx_expanded_key, known_desx_expanded_key,
+			sizeof(known_desx_expanded_key));
+	fprintf(stderr, "Testing whether desx_key_expand() works: %s\n",
+		res ? "SUCCESS" : "FAILED");
+	return res;
+}
+
+static BOOL des_test(void) {
+	const u8 known_des_key[8] = {
+			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f };
+	const u8 known_des_encrypted_data[8] = {
+			0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f };
+	const u8 known_decrypted_data[8] = {
+			0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09 };
+	u8 test_decrypted_data[8];
+	int res;
+	gcry_error_t gcry_error2;
+	gcry_cipher_hd_t gcry_cipher_hd;
+
+	if ((gcry_error2 = gcry_cipher_open(&gcry_cipher_hd, GCRY_CIPHER_DES,
+			GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "Failed to open des cipher (gcry_error2 is "
+				"%u).\n", gcry_error2);
+		return FALSE;
+	}
+	if ((gcry_error2 = gcry_cipher_setkey(gcry_cipher_hd,
+			known_des_key, sizeof(known_des_key)))) {
+		fprintf(stderr, "Failed to set des key (gcry_error2 is %u).\n",
+				gcry_error2);
+		gcry_cipher_close(gcry_cipher_hd);
+		return FALSE;
+	}
+	memcpy(test_decrypted_data, known_des_encrypted_data,
+			sizeof(known_des_encrypted_data));
+	/* Apply DES decyption. */
+	gcry_error2 = gcry_cipher_decrypt(gcry_cipher_hd,
+			test_decrypted_data, sizeof(test_decrypted_data),
+			NULL, 0);
+	gcry_cipher_close(gcry_cipher_hd);
+	if (gcry_error2) {
+		fprintf(stderr, "Failed to des decrypt test data (gcry_error2 "
+				"is %u).\n", gcry_error2);
+		return FALSE;
+	}
+	res = !memcmp(test_decrypted_data, known_decrypted_data,
+			sizeof(known_decrypted_data));
+	fprintf(stderr, "Testing whether des decryption works: %s\n",
+		res ? "SUCCESS" : "FAILED");
+	return res;
+}
+
+#else
+
+static inline BOOL desx_key_expand_test(void) {
+	return TRUE;
+}
+
+static inline BOOL des_test(void) {
+	return TRUE;
+}
+
+#endif
+
 decrypt_session *decrypt_open(void) {
 	decrypt_session *session;
 
+	/* TODO: refcount 'module' */
+	if (desx_algorithm_id==-1) {
+		if (!desx_key_expand_test())
+			return NULL;
+		if (!des_test())
+			return NULL;
+		if (gcry_cipher_register(&cipher, &desx_algorithm_id,
+				&desx_module))
+			return NULL;
+	}
+
+	//fprintf(stderr, "desx_algorithm_id: %d\n", desx_algorithm_id);
+
 	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
 
 #ifdef __CYGWIN__
@@ -419,75 +624,25 @@ unsigned int decrypt_decrypt(decrypt_key
 #endif // USER_CRYPTOAPI_RSA (else)
 }
 
-static BOOL is_first = TRUE;
-
 unsigned int decrypt_decrypt_sector(decrypt_key *key, void *data,
 			unsigned long long offset) {
-	gcry_error_t gcry_error2;
+	gcry_error_t err;
 	DECRYPT_KEY *dkey = (DECRYPT_KEY *)key;
 
+	if ((err = gcry_cipher_reset(dkey->gcry_cipher_hd))) {
+		fprintf(stderr, "sector_decrypt: error is %u.\n", err);
+	}
+
 	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
 	// doing it by hand after the decryption?
 	// It wants iv length 8 but we give it 16 for AES256 so it does not
 	// like it...
 
-	if (dkey->alg_id != CALG_DESX) {
-		if ((gcry_error2 = gcry_cipher_reset(dkey->gcry_cipher_hd)))
-			fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
-		if ((gcry_error2 = gcry_cipher_decrypt(dkey->gcry_cipher_hd,
-				data, 512, NULL, 0)))
-			fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
-	} else {
-		u64 *pos;
-
-		/* Set @pos to last eight bytes of sector @data. */
-		pos = (u64*)(data + 512 - 8);
-		do {
-			if ((gcry_error2 = gcry_cipher_reset(
-					dkey->gcry_cipher_hd)))
-				fprintf(stderr, "gcry_error2 is %u.\n",
-						gcry_error2);
-			if (is_first) {
-				fprintf(stderr, "encrypted data = 0x%llx\n",
-						*pos);
-				fprintf(stderr, "in-whitening = 0x%llx\n",
-						dkey->desx_key[1]);
-			}
-			/* Apply in-whitening. */
-			*pos ^= dkey->desx_key[1];
-			if (is_first)
-				fprintf(stderr, "whitened data = 0x%llx\n",
-						*pos);
-			/* Apply DES decyption. */
-			if ((gcry_error2 = gcry_cipher_decrypt(
-					dkey->gcry_cipher_hd, (u8*)pos, 8,
-					NULL, 0)))
-				fprintf(stderr, "gcry_error2 is %u.\n",
-						gcry_error2);
-			if (is_first) {
-				fprintf(stderr, "data after des = 0x%llx\n",
-						*pos);
-				fprintf(stderr, "out-whitening = 0x%llx\n",
-						dkey->desx_key[2]);
-			}
-			/* Apply out-whitening. */
-			*pos ^= dkey->desx_key[2];
-			if (is_first)
-				fprintf(stderr, "out-whitened data = 0x%llx\n",
-						*pos);
-			if (pos == (u64*)data)
-				break;
-			if (is_first)
-				fprintf(stderr, "next encrypted data = "
-						"0x%llx\n", *(pos - 1));
-			*pos ^= *(pos - 1);
-			if (is_first)
-				fprintf(stderr, "decrypted data = 0x%llx\n",
-						*pos);
-			pos--;
-			is_first = FALSE;
-		} while (1);
+	if ((err = gcry_cipher_decrypt(dkey->gcry_cipher_hd,
+				data, 512, NULL, 0))) {
+		fprintf(stderr, "sector_decrypt: error is %u.\n", err);
 	}
+
 	/* Apply the IV. */
 	if (dkey->alg_id == CALG_AES_256) {
 		((u64*)data)[0] ^= 0x5816657be9161312LL + offset;
@@ -499,126 +654,12 @@ unsigned int decrypt_decrypt_sector(decr
 	return 512;
 }
 
-/**
- * desx_key_expand - expand a 128-bit desx key to the needed 192-bit key
- * @src:	source buffer containing 128-bit key
- * @dst:	destination buffer to write 192-bit key to
- *
- * Expands the on-disk 128-bit desx key to the needed full 192-bit desx key
- * required to perform desx {de,en}cryption.
- *
- * FIXME: Is this endianness safe?  I think so but I may be wrong...
- */
-static void desx_key_expand(const u8 *src, u8* dst) {
-	static const int salt_len = 12;
-	static const u8 *salt1 = "Dan Simon  ";
-	static const u8 *salt2 = "Scott Field";
-	u8 md[16];
-	MD5_CTX ctx1, ctx2;
-
-	MD5_Init(&ctx1);
-
-	/* Hash the on-disk key. */
-	MD5_Update(&ctx1, src, 128 / 8);
-	memcpy(&ctx2, &ctx1, sizeof(ctx1));
-
-	/* Hash with the first salt and store the result. */
-	MD5_Update(&ctx1, salt1, salt_len);
-	MD5_Final(md, &ctx1);
-	((u32*)dst)[0] = ((u32*)md)[0] ^ ((u32*)md)[1];
-	((u32*)dst)[1] = ((u32*)md)[2] ^ ((u32*)md)[3];
-
-	/* Hash with the second salt and store the result. */
-	MD5_Update(&ctx2, salt2, salt_len);
-	MD5_Final(md, &ctx2);
-	memcpy(dst + 8, md, sizeof(md));
-
-	return;
-}
-
-#define DO_CRYPTO_TESTS 1
-
-#ifdef DO_CRYPTO_TESTS
-/* Do not remove this test code from this file! AIA */
-static BOOL desx_key_expand_test(void) {
-	const u8 known_desx_on_disk_key[16] = {
-			0xa1, 0xf9, 0xe0, 0xb2, 0x53, 0x23, 0x9e, 0x8f,
-			0x0f, 0x91, 0x45, 0xd9, 0x8e, 0x20, 0xec, 0x30 };
-	const u8 known_desx_expanded_key[24] = {
-			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f,
-			0xed, 0xda, 0x4c, 0x47, 0x60, 0x49, 0xdb, 0x8d,
-			0x75, 0xf6, 0xa0, 0x1a, 0xc0, 0xca, 0x28, 0x1e };
-	u8 test_desx_expanded_key[24];
-	int res;
-
-	desx_key_expand(known_desx_on_disk_key, test_desx_expanded_key);
-	res = !memcmp(test_desx_expanded_key, known_desx_expanded_key,
-			sizeof(known_desx_expanded_key));
-	fprintf(stderr, "Testing whether desx_key_expand() works: %s\n",
-		res ? "SUCCESS" : "FAILED");
-	return res;
-}
-
-static BOOL des_test(void) {
-	const u8 known_des_key[8] = {
-			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f };
-	const u8 known_des_encrypted_data[8] = {
-			0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f };
-	const u8 known_decrypted_data[8] = {
-			0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09 };
-	u8 test_decrypted_data[8];
-	int res;
-	gcry_error_t gcry_error2;
-	gcry_cipher_hd_t gcry_cipher_hd;
-
-	if ((gcry_error2 = gcry_cipher_open(&gcry_cipher_hd, GCRY_CIPHER_DES,
-			GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR) {
-		fprintf(stderr, "Failed to open des cipher (gcry_error2 is "
-				"%u).\n", gcry_error2);
-		return FALSE;
-	}
-	if ((gcry_error2 = gcry_cipher_setkey(gcry_cipher_hd,
-			known_des_key, sizeof(known_des_key)))) {
-		fprintf(stderr, "Failed to set des key (gcry_error2 is %u).\n",
-				gcry_error2);
-		gcry_cipher_close(gcry_cipher_hd);
-		return FALSE;
-	}
-	memcpy(test_decrypted_data, known_des_encrypted_data,
-			sizeof(known_des_encrypted_data));
-	/* Apply DES decyption. */
-	gcry_error2 = gcry_cipher_decrypt(gcry_cipher_hd,
-			test_decrypted_data, sizeof(test_decrypted_data),
-			NULL, 0);
-	gcry_cipher_close(gcry_cipher_hd);
-	if (gcry_error2) {
-		fprintf(stderr, "Failed to des decrypt test data (gcry_error2 "
-				"is %u).\n", gcry_error2);
-		return FALSE;
-	}
-	res = !memcmp(test_decrypted_data, known_decrypted_data,
-			sizeof(known_decrypted_data));
-	fprintf(stderr, "Testing whether des decryption works: %s\n",
-		res ? "SUCCESS" : "FAILED");
-	return res;
-}
-
-#else
-static inline BOOL desx_key_expand_test(void) {
-	return TRUE;
-}
-static inline BOOL des_test(void) {
-	return TRUE;
-}
-#endif
-
 decrypt_key *decrypt_make_key(decrypt_session *session __attribute__((unused)), 
 		unsigned int data_size __attribute__((unused)),
 		unsigned char *data) {
 	DECRYPT_KEY *key;
 	unsigned int key_size, gcry_algo;
-	int gcry_length, gcry_mode;
-	gcry_error_t gcry_error2;
+	gcry_error_t err;
 
 	key_size = *(u32*)data;
 
@@ -627,67 +668,37 @@ decrypt_key *decrypt_make_key(decrypt_se
 		return NULL;
 	}
 
+	key_size = *(u32*)data;
 	key->alg_id = *(u32*)(data + 8);
 	key->key_data = data + 16;
-	gcry_mode = GCRY_CIPHER_MODE_CBC;
 
 	switch (key->alg_id) {
 	case CALG_DESX:
-		if (!desx_key_expand_test()) {
-			free(key);
-			errno = -1;
-			return NULL;
-		}
 		fprintf(stderr, "DESX key of %u bytes\n", key_size);
-		fprintf(stderr, "on-disk key (hex) = 0x%llx, 0x%llx\n",
-				*(u64*)key->key_data, *(u64*)(key->key_data+8));
-		desx_key_expand(key->key_data, (u8*)&key->desx_key);
-		fprintf(stderr, "expanded keys (hex) =\n\t0x%llx (des)\n\t"
-				"0x%llx (in-whitening)\n\t"
-				"0x%llx (out-whitening)\n", key->desx_key[0],
-				key->desx_key[1],
-				key->desx_key[2]);
-		if (!des_test()) {
-			free(key);
-			errno = -1;
-			return NULL;
-		}
-		key->key_data = (u8*)&key->desx_key[0];
-		gcry_mode = GCRY_CIPHER_MODE_ECB;
-		gcry_length = 8;
-		gcry_algo = GCRY_CIPHER_DES;
-		is_first = TRUE;
+		gcry_algo = desx_algorithm_id;
 		break;
 	case CALG_3DES:
 		fprintf(stderr, "3DES Key of %u bytes\n", key_size);
-		gcry_length = 24;
 		gcry_algo = GCRY_CIPHER_3DES; 
 		break;
 	case CALG_AES_256:
 		fprintf(stderr, "AES Key of %u bytes\n", key_size);
-		gcry_length = 32;
 		gcry_algo = GCRY_CIPHER_AES256;
 		break;
 	default:
 		fprintf(stderr, "DES key of %u bytes\n", key_size);
-		if (!des_test()) {
-			free(key);
-			errno = -1;
-			return NULL;
-		}
-		gcry_length = 8;
 		gcry_algo = GCRY_CIPHER_DES;
 		break;
 	}
-	if ((gcry_error2 = gcry_cipher_open(&key->gcry_cipher_hd,
-			gcry_algo, gcry_mode, 0)) != GPG_ERR_NO_ERROR) {
-		fprintf(stderr, "gcry_error1 is %u.\n", gcry_error2);
+	if ((err = gcry_cipher_open(&key->gcry_cipher_hd, gcry_algo,
+			GCRY_CIPHER_MODE_CBC, 0)) != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "gcry_cipher_open failed with 0x%x.\n", err);
 		errno = -1;
 		return 0;
 	}
-	if ((gcry_error2 = gcry_cipher_setkey(key->gcry_cipher_hd,
-			key->key_data, gcry_length))) {
-		fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
+	if ((err = gcry_cipher_setkey(key->gcry_cipher_hd, key->key_data,
+							key_size))) {
+		fprintf(stderr, "gcry_cipher_setkey failed with 0x%x.\n", err);
 	}
 	return (decrypt_key *)key;
 }

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.9,1.10

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7089

Modified Files:
	decrypt.c 
Log Message:
finally have verified des key expansion to be correct and have test cases for
it and des decryption.  Currently the des test fails.  It appears ntfs does not
use standard des encryption.  )-:  Perhaps it uses the export non-restricted
40-bit des key instead of 56-bit des...


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- decrypt.c	26 Jul 2005 01:32:51 -0000	1.9
+++ decrypt.c	26 Jul 2005 16:35:00 -0000	1.10
@@ -419,6 +419,8 @@ unsigned int decrypt_decrypt(decrypt_key
 #endif // USER_CRYPTOAPI_RSA (else)
 }
 
+static BOOL is_first = TRUE;
+
 unsigned int decrypt_decrypt_sector(decrypt_key *key, void *data,
 			unsigned long long offset) {
 	gcry_error_t gcry_error2;
@@ -426,6 +428,8 @@ unsigned int decrypt_decrypt_sector(decr
 
 	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
 	// doing it by hand after the decryption?
+	// It wants iv length 8 but we give it 16 for AES256 so it does not
+	// like it...
 
 	if (dkey->alg_id != CALG_DESX) {
 		if ((gcry_error2 = gcry_cipher_reset(dkey->gcry_cipher_hd)))
@@ -443,20 +447,45 @@ unsigned int decrypt_decrypt_sector(decr
 					dkey->gcry_cipher_hd)))
 				fprintf(stderr, "gcry_error2 is %u.\n",
 						gcry_error2);
+			if (is_first) {
+				fprintf(stderr, "encrypted data = 0x%llx\n",
+						*pos);
+				fprintf(stderr, "in-whitening = 0x%llx\n",
+						dkey->desx_key[1]);
+			}
 			/* Apply in-whitening. */
-			*pos ^= dkey->desx_key[2];
+			*pos ^= dkey->desx_key[1];
+			if (is_first)
+				fprintf(stderr, "whitened data = 0x%llx\n",
+						*pos);
 			/* Apply DES decyption. */
 			if ((gcry_error2 = gcry_cipher_decrypt(
 					dkey->gcry_cipher_hd, (u8*)pos, 8,
 					NULL, 0)))
 				fprintf(stderr, "gcry_error2 is %u.\n",
 						gcry_error2);
+			if (is_first) {
+				fprintf(stderr, "data after des = 0x%llx\n",
+						*pos);
+				fprintf(stderr, "out-whitening = 0x%llx\n",
+						dkey->desx_key[2]);
+			}
 			/* Apply out-whitening. */
-			*pos ^= dkey->desx_key[1];
+			*pos ^= dkey->desx_key[2];
+			if (is_first)
+				fprintf(stderr, "out-whitened data = 0x%llx\n",
+						*pos);
 			if (pos == (u64*)data)
 				break;
+			if (is_first)
+				fprintf(stderr, "next encrypted data = "
+						"0x%llx\n", *(pos - 1));
 			*pos ^= *(pos - 1);
+			if (is_first)
+				fprintf(stderr, "decrypted data = 0x%llx\n",
+						*pos);
 			pos--;
+			is_first = FALSE;
 		} while (1);
 	}
 	/* Apply the IV. */
@@ -480,7 +509,7 @@ unsigned int decrypt_decrypt_sector(decr
  *
  * FIXME: Is this endianness safe?  I think so but I may be wrong...
  */
-static void desx_key_expand(u8 *src, u8* dst) {
+static void desx_key_expand(const u8 *src, u8* dst) {
 	static const int salt_len = 12;
 	static const u8 *salt1 = "Dan Simon  ";
 	static const u8 *salt2 = "Scott Field";
@@ -507,6 +536,82 @@ static void desx_key_expand(u8 *src, u8*
 	return;
 }
 
+#define DO_CRYPTO_TESTS 1
+
+#ifdef DO_CRYPTO_TESTS
+/* Do not remove this test code from this file! AIA */
+static BOOL desx_key_expand_test(void) {
+	const u8 known_desx_on_disk_key[16] = {
+			0xa1, 0xf9, 0xe0, 0xb2, 0x53, 0x23, 0x9e, 0x8f,
+			0x0f, 0x91, 0x45, 0xd9, 0x8e, 0x20, 0xec, 0x30 };
+	const u8 known_desx_expanded_key[24] = {
+			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f,
+			0xed, 0xda, 0x4c, 0x47, 0x60, 0x49, 0xdb, 0x8d,
+			0x75, 0xf6, 0xa0, 0x1a, 0xc0, 0xca, 0x28, 0x1e };
+	u8 test_desx_expanded_key[24];
+	int res;
+
+	desx_key_expand(known_desx_on_disk_key, test_desx_expanded_key);
+	res = !memcmp(test_desx_expanded_key, known_desx_expanded_key,
+			sizeof(known_desx_expanded_key));
+	fprintf(stderr, "Testing whether desx_key_expand() works: %s\n",
+		res ? "SUCCESS" : "FAILED");
+	return res;
+}
+
+static BOOL des_test(void) {
+	const u8 known_des_key[8] = {
+			0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f };
+	const u8 known_des_encrypted_data[8] = {
+			0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f };
+	const u8 known_decrypted_data[8] = {
+			0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09 };
+	u8 test_decrypted_data[8];
+	int res;
+	gcry_error_t gcry_error2;
+	gcry_cipher_hd_t gcry_cipher_hd;
+
+	if ((gcry_error2 = gcry_cipher_open(&gcry_cipher_hd, GCRY_CIPHER_DES,
+			GCRY_CIPHER_MODE_ECB, 0)) != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "Failed to open des cipher (gcry_error2 is "
+				"%u).\n", gcry_error2);
+		return FALSE;
+	}
+	if ((gcry_error2 = gcry_cipher_setkey(gcry_cipher_hd,
+			known_des_key, sizeof(known_des_key)))) {
+		fprintf(stderr, "Failed to set des key (gcry_error2 is %u).\n",
+				gcry_error2);
+		gcry_cipher_close(gcry_cipher_hd);
+		return FALSE;
+	}
+	memcpy(test_decrypted_data, known_des_encrypted_data,
+			sizeof(known_des_encrypted_data));
+	/* Apply DES decyption. */
+	gcry_error2 = gcry_cipher_decrypt(gcry_cipher_hd,
+			test_decrypted_data, sizeof(test_decrypted_data),
+			NULL, 0);
+	gcry_cipher_close(gcry_cipher_hd);
+	if (gcry_error2) {
+		fprintf(stderr, "Failed to des decrypt test data (gcry_error2 "
+				"is %u).\n", gcry_error2);
+		return FALSE;
+	}
+	res = !memcmp(test_decrypted_data, known_decrypted_data,
+			sizeof(known_decrypted_data));
+	fprintf(stderr, "Testing whether des decryption works: %s\n",
+		res ? "SUCCESS" : "FAILED");
+	return res;
+}
+
+#else
+static inline BOOL desx_key_expand_test(void) {
+	return TRUE;
+}
+static inline BOOL des_test(void) {
+	return TRUE;
+}
+#endif
+
 decrypt_key *decrypt_make_key(decrypt_session *session __attribute__((unused)), 
 		unsigned int data_size __attribute__((unused)),
 		unsigned char *data) {
@@ -528,17 +633,30 @@ decrypt_key *decrypt_make_key(decrypt_se
 
 	switch (key->alg_id) {
 	case CALG_DESX:
+		if (!desx_key_expand_test()) {
+			free(key);
+			errno = -1;
+			return NULL;
+		}
 		fprintf(stderr, "DESX key of %u bytes\n", key_size);
 		fprintf(stderr, "on-disk key (hex) = 0x%llx, 0x%llx\n",
 				*(u64*)key->key_data, *(u64*)(key->key_data+8));
 		desx_key_expand(key->key_data, (u8*)&key->desx_key);
-		fprintf(stderr, "expanded keys (hex) = 0x%llx, 0x%llx, "
-				"0x%llx\n", key->desx_key[0], key->desx_key[1],
+		fprintf(stderr, "expanded keys (hex) =\n\t0x%llx (des)\n\t"
+				"0x%llx (in-whitening)\n\t"
+				"0x%llx (out-whitening)\n", key->desx_key[0],
+				key->desx_key[1],
 				key->desx_key[2]);
+		if (!des_test()) {
+			free(key);
+			errno = -1;
+			return NULL;
+		}
 		key->key_data = (u8*)&key->desx_key[0];
 		gcry_mode = GCRY_CIPHER_MODE_ECB;
 		gcry_length = 8;
 		gcry_algo = GCRY_CIPHER_DES;
+		is_first = TRUE;
 		break;
 	case CALG_3DES:
 		fprintf(stderr, "3DES Key of %u bytes\n", key_size);
@@ -552,6 +670,11 @@ decrypt_key *decrypt_make_key(decrypt_se
 		break;
 	default:
 		fprintf(stderr, "DES key of %u bytes\n", key_size);
+		if (!des_test()) {
+			free(key);
+			errno = -1;
+			return NULL;
+		}
 		gcry_length = 8;
 		gcry_algo = GCRY_CIPHER_DES;
 		break;

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.8,1.9

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25844

Modified Files:
	decrypt.c 
Log Message:
Fixes for key order for desx.  Still doesn't work but now keys are correct.


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- decrypt.c	25 Jul 2005 23:23:48 -0000	1.8
+++ decrypt.c	26 Jul 2005 01:32:51 -0000	1.9
@@ -444,7 +444,7 @@ unsigned int decrypt_decrypt_sector(decr
 				fprintf(stderr, "gcry_error2 is %u.\n",
 						gcry_error2);
 			/* Apply in-whitening. */
-			*pos ^= dkey->desx_key[0];
+			*pos ^= dkey->desx_key[2];
 			/* Apply DES decyption. */
 			if ((gcry_error2 = gcry_cipher_decrypt(
 					dkey->gcry_cipher_hd, (u8*)pos, 8,
@@ -535,7 +535,7 @@ decrypt_key *decrypt_make_key(decrypt_se
 		fprintf(stderr, "expanded keys (hex) = 0x%llx, 0x%llx, "
 				"0x%llx\n", key->desx_key[0], key->desx_key[1],
 				key->desx_key[2]);
-		key->key_data = (u8*)&key->desx_key[2];
+		key->key_data = (u8*)&key->desx_key[0];
 		gcry_mode = GCRY_CIPHER_MODE_ECB;
 		gcry_length = 8;
 		gcry_algo = GCRY_CIPHER_DES;

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.7,1.8

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30751

Modified Files:
	decrypt.c 
Log Message:
- Fix bug I introduced causing the IV to be wrong for AES decryption.
- Fix a bug where we fail to supply the buffer size when exporting the key.
  Not sure how that ever worked...


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -r1.7 -r1.8
--- decrypt.c	24 Jul 2005 14:42:43 -0000	1.7
+++ decrypt.c	25 Jul 2005 23:23:48 -0000	1.8
@@ -232,6 +232,7 @@ decrypt_key *decrypt_user_key_open(decry
 		goto decrypt_key_open_err;
 	}
 
+	key_size = sizeof(key_blob);
 	if (!CryptExportKey(hCryptKey, 0, PRIVATEKEYBLOB, 0, key_blob, &key_size)) {
 		fprintf(stderr, "Could not export key: Error 0x%x\n",
 					(unsigned int)GetLastError());
@@ -423,14 +424,12 @@ unsigned int decrypt_decrypt_sector(decr
 	gcry_error_t gcry_error2;
 	DECRYPT_KEY *dkey = (DECRYPT_KEY *)key;
 
-	if ((gcry_error2 = gcry_cipher_reset(dkey->gcry_cipher_hd))) {
-		fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
-	}
-
 	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
 	// doing it by hand after the decryption?
 
 	if (dkey->alg_id != CALG_DESX) {
+		if ((gcry_error2 = gcry_cipher_reset(dkey->gcry_cipher_hd)))
+			fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
 		if ((gcry_error2 = gcry_cipher_decrypt(dkey->gcry_cipher_hd,
 				data, 512, NULL, 0)))
 			fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
@@ -440,6 +439,10 @@ unsigned int decrypt_decrypt_sector(decr
 		/* Set @pos to last eight bytes of sector @data. */
 		pos = (u64*)(data + 512 - 8);
 		do {
+			if ((gcry_error2 = gcry_cipher_reset(
+					dkey->gcry_cipher_hd)))
+				fprintf(stderr, "gcry_error2 is %u.\n",
+						gcry_error2);
 			/* Apply in-whitening. */
 			*pos ^= dkey->desx_key[0];
 			/* Apply DES decyption. */
@@ -457,15 +460,12 @@ unsigned int decrypt_decrypt_sector(decr
 		} while (1);
 	}
 	/* Apply the IV. */
-	if (dkey->alg_id == CALG_AES) {
-		((u64*)data)[0] ^=
-				0x5816657be9161312LL + offset;
-		((u64*)data)[1] ^=
-				0x1989adbe44918961LL + offset;
+	if (dkey->alg_id == CALG_AES_256) {
+		((u64*)data)[0] ^= 0x5816657be9161312LL + offset;
+		((u64*)data)[1] ^= 0x1989adbe44918961LL + offset;
 	} else {
 		/* All other algos (Des, 3Des, DesX) use the same IV. */
-		((u64*)data)[0] ^=
-				0x169119629891ad13LL + offset;
+		((u64*)data)[0] ^= 0x169119629891ad13LL + offset;
 	}
 	return 512;
 }

[Linux-NTFS-cvs] CVS: ntfsprogs ChangeLog,1.251,1.252

[Yura P. <cha...@us...>]

Changes by: cha0smaster

Update of /cvsroot/linux-ntfs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16218

Modified Files:
	ChangeLog 
Log Message:
update


Index: ChangeLog
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ChangeLog,v
retrieving revision 1.251
retrieving revision 1.252
diff -u -p -r1.251 -r1.252
--- ChangeLog	25 Jul 2005 20:40:08 -0000	1.251
+++ ChangeLog	25 Jul 2005 22:08:42 -0000	1.252
@@ -13,6 +13,8 @@ xx/xx/xxxx - 1.12.0-WIP
 	- ntfsresize: support relocation of $MFT with $ATTRIBUTE_LIST.  (Szaka)
 	- ntfsresize: support resizing into the middle of a $MFT $DATA
 	  extent. (Szaka)
+	- ntfscp: fix attribute name parsing bug introduced in 1.10.0.  (Yura)
+	- ntfsinfo: dump more information for indexes.  (Yura)
 
 20/07/2005 - 1.11.1 - Fix several ntfsmount bugs.
 

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs ntfscp.c,1.24,1.25 ntfsinfo.c,1.71,1.72

[Yura P. <cha...@us...>]

Changes by: cha0smaster

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15310/ntfsprogs

Modified Files:
	ntfscp.c ntfsinfo.c 
Log Message:
ntfscp.c: fix bug intoduced by Anton in changeset 1.21
ntfsinfo: more info on index dumping
dir.c, layout.h: minor fixes


Index: ntfscp.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfscp.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -p -r1.24 -r1.25
--- ntfscp.c	6 Jul 2005 22:47:19 -0000	1.24
+++ ntfscp.c	25 Jul 2005 22:05:27 -0000	1.25
@@ -262,7 +262,7 @@ int main (int argc, char *argv[])
 	u64 offset;
 	char *buf;
 	s64 br, bw;
-	ntfschar *attr_name = AT_UNNAMED;
+	ntfschar *attr_name;
 	int attr_name_len = 0;
 
 	if (!parse_options(argc, argv))
@@ -363,12 +363,14 @@ int main (int argc, char *argv[])
 	}
 
 	if (opts.attr_name) {
+		attr_name = NULL;
 		attr_name_len = ntfs_mbstoucs(opts.attr_name, &attr_name, 0);
 		if (attr_name_len == -1) {
 			perror("ERROR: Failed to parse attribute name");
 			goto close_dst;
 		}
-	}
+	} else
+		attr_name = AT_UNNAMED;
 	na = ntfs_attr_open(out, opts.attribute, attr_name, attr_name_len);
 	if (!na) {
 		if (errno != ENOENT) {
@@ -383,6 +385,8 @@ int main (int argc, char *argv[])
 			goto close_dst;
 		}
 	}
+	if (attr_name != AT_UNNAMED)
+		free(attr_name);
 
 	Vprintf("Old file size: %lld\n", na->data_size);
 	if (na->data_size != new_size) {

Index: ntfsinfo.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsinfo.c,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -p -r1.71 -r1.72
--- ntfsinfo.c	20 Jul 2005 19:06:49 -0000	1.71
+++ ntfsinfo.c	25 Jul 2005 22:05:27 -0000	1.72
@@ -1086,7 +1086,6 @@ static int ntfs_dump_index_entries(INDEX
 	int numb_entries = 1;
 	char *name = NULL;
 
-	Vprintf("\tDumping index entries:");
 	while(1) {
 		if (!opts.verbose) {
 			if (entry->flags & INDEX_ENTRY_END)
@@ -1103,6 +1102,10 @@ static int ntfs_dump_index_entries(INDEX
 				le16_to_cpu(entry->key_length));
 		Vprintf("\t\tFlags:\t\t\t 0x%02x\n", le16_to_cpu(entry->flags));
 
+		if (entry->flags & INDEX_ENTRY_NODE)
+			Vprintf("\t\tSubnode VCN:\t\t %lld\n", le64_to_cpu(
+					*((u8*)entry + le16_to_cpu(
+					entry->length) - sizeof(VCN))));
 		if (entry->flags & INDEX_ENTRY_END)
 			break;
 
@@ -1224,6 +1227,7 @@ static void ntfs_dump_attr_index_root(AT
 
 	entry = (INDEX_ENTRY *)((u8 *)index_root +
 			le32_to_cpu(index_root->index.entries_offset) + 0x10);
+	Vprintf("\tDumping index block:");
 	printf("\tIndex entries total:\t %d\n",
 			ntfs_dump_index_entries(entry, index_root->type));
 }
@@ -1344,6 +1348,12 @@ static void ntfs_dump_index_allocation(A
 			}
 			entry = (INDEX_ENTRY *)((u8 *)tmp_alloc + le32_to_cpu(
 				tmp_alloc->index.entries_offset) + 0x18);
+			Vprintf("\tDumping index block "
+					"(VCN %lld, used %u/%u):", le64_to_cpu(
+					tmp_alloc->index_block_vcn),
+					le32_to_cpu(tmp_alloc->index.
+					index_length), le32_to_cpu(tmp_alloc->
+					index.allocated_size));
 			total_entries += ntfs_dump_index_entries(entry, type);
 			total_indx_blocks++;
 		}

[Linux-NTFS-cvs] CVS: ntfsprogs/libntfs dir.c,1.18,1.19

[Yura P. <cha...@us...>]

Changes by: cha0smaster

Update of /cvsroot/linux-ntfs/ntfsprogs/libntfs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15310/libntfs

Modified Files:
	dir.c 
Log Message:
ntfscp.c: fix bug intoduced by Anton in changeset 1.21
ntfsinfo: more info on index dumping
dir.c, layout.h: minor fixes


Index: dir.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/libntfs/dir.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -p -r1.18 -r1.19
--- dir.c	6 Jul 2005 22:47:17 -0000	1.18
+++ dir.c	25 Jul 2005 22:05:27 -0000	1.19
@@ -938,7 +938,7 @@ find_next_index_buffer:
 		}
 	}
 
-	Dprintf("Handling index block 0x%llx.", (long long)bmp_pos);
+	Dprintf("Handling index block 0x%llx.\n", (long long)bmp_pos);
 
 	/* Read the index block starting at bmp_pos. */
 	br = ntfs_attr_mst_pread(ia_na, bmp_pos << index_block_size_bits, 1,

[Linux-NTFS-cvs] CVS: ntfsprogs/include/ntfs layout.h,1.22,1.23

[Yura P. <cha...@us...>]

Changes by: cha0smaster

Update of /cvsroot/linux-ntfs/ntfsprogs/include/ntfs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15310/include/ntfs

Modified Files:
	layout.h 
Log Message:
ntfscp.c: fix bug intoduced by Anton in changeset 1.21
ntfsinfo: more info on index dumping
dir.c, layout.h: minor fixes


Index: layout.h
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/include/ntfs/layout.h,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -p -r1.22 -r1.23
--- layout.h	9 Jul 2005 00:09:53 -0000	1.22
+++ layout.h	25 Jul 2005 22:05:27 -0000	1.23
@@ -2221,7 +2221,7 @@ typedef struct {
 	//		   follows the INDEX_ENTRY_HEADER. Regardless of
 	//		   key_length, the address of the 8-byte boundary
 	//		   aligned vcn of INDEX_ENTRY{_HEADER} *ie is given by
-	//		   (char*)ie + le16_to_cpu(ie*)->length) - sizeof(VCN),
+	//		   (char*)ie + le16_to_cpu(ie->length) - sizeof(VCN),
 	//		   where sizeof(VCN) can be hardcoded as 8 if wanted. */
 } __attribute__ ((__packed__)) INDEX_ENTRY;
 

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs ntfsresize.c,1.80,1.81

[Szabolcs S. <sz...@us...>]

Changes by: szaka

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3677/ntfsprogs

Modified Files:
	ntfsresize.c 
Log Message:
Don't show detailed resizing related info by default since the only real
restriction to shrink to the smallest size possible is the relocation of
the first $MFT $DATA extent, usually around 3 GB.


Index: ntfsresize.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsresize.c,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -p -r1.80 -r1.81
--- ntfsresize.c	25 Jul 2005 20:40:07 -0000	1.80
+++ ntfsresize.c	25 Jul 2005 21:19:08 -0000	1.81
@@ -522,7 +522,7 @@ static int parse_options(int argc, char 
 	return (!err && !help && !ver);
 }
 
-static void __print_advise(ntfs_volume *vol, s64 supp_lcn)
+static void print_advise(ntfs_volume *vol, s64 supp_lcn)
 {
 	s64 old_b, new_b, freed_b, old_mb, new_mb, freed_mb;
 
@@ -556,11 +556,7 @@ static void __print_advise(ntfs_volume *
 	else
 	    printf("%lld bytes", (long long)freed_b);
 	printf(").\n");
-}
 
-static void print_advise(ntfs_volume *vol, s64 supp_lcn)
-{
-	__print_advise(vol, supp_lcn);
 	printf("Please make a test run using both the -n and -s options "
 	       "before real resizing!\n");
 }
@@ -1107,7 +1103,7 @@ static void set_resize_constraints(ntfs_
 	s64 nr_mft_records, inode;
 	ntfs_inode *ni;
 
-	printf("Collecting shrinkage constraints ...\n");
+	printf("Collecting resizing constraints ...\n");
 
 	nr_mft_records = resize->vol->mft_na->initialized_size >>
 			resize->vol->mft_record_size_bits;
@@ -1786,16 +1782,15 @@ static void advise_on_resize(ntfs_resize
 {
 	ntfs_volume *vol = resize->vol;
 
-	printf("Estimating smallest shrunken size supported ...\n");
-
-	printf("File feature         Last used at      By inode\n");
-	print_hint(vol, "$MFT", resize->last_mft);
-	print_hint(vol, "Multi-Record", resize->last_multi_mft);
 	if (opt.verbose) {
-		print_hint(vol, "$MFTMirr", resize->last_mftmir);
-		print_hint(vol, "Compressed", resize->last_compressed);
-		print_hint(vol, "Sparse", resize->last_sparse);
-		print_hint(vol, "Ordinary", resize->last_lcn);
+		printf("Estimating smallest shrunken size supported ...\n");
+		printf("File feature         Last used at      By inode\n");
+		print_hint(vol, "$MFT", 	resize->last_mft);
+		print_hint(vol, "Multi-Record", resize->last_multi_mft);
+		print_hint(vol, "$MFTMirr", 	resize->last_mftmir);
+		print_hint(vol, "Compressed", 	resize->last_compressed);
+		print_hint(vol, "Sparse", 	resize->last_sparse);
+		print_hint(vol, "Ordinary", 	resize->last_lcn);
 	}
 
 	print_advise(vol, resize->last_unsupp);

[Linux-NTFS-cvs] CVS: ntfsprogs ChangeLog,1.250,1.251 TODO.ntfsprogs,1.20,1.21

[Szabolcs S. <sz...@us...>]

Changes by: szaka

Update of /cvsroot/linux-ntfs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27524

Modified Files:
	ChangeLog TODO.ntfsprogs 
Log Message:
Support resizing into the middle of a $MFT $DATA extent


Index: ChangeLog
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ChangeLog,v
retrieving revision 1.250
retrieving revision 1.251
diff -u -p -r1.250 -r1.251
--- ChangeLog	24 Jul 2005 22:34:36 -0000	1.250
+++ ChangeLog	25 Jul 2005 20:40:08 -0000	1.251
@@ -10,7 +10,9 @@ xx/xx/xxxx - 1.12.0-WIP
 	  record attributes at AT_DATA of $BadClus and $Bitmap. In practice, 
 	  there aren't non-resident attributes after them so this bug,
 	  introduced in 1.11.0, shouldn't have ever caused data loss.  (Szaka)
-	- ntfsresize: support relocation of $MFT with $ATTRIBUTE_LIST. (Szaka)
+	- ntfsresize: support relocation of $MFT with $ATTRIBUTE_LIST.  (Szaka)
+	- ntfsresize: support resizing into the middle of a $MFT $DATA
+	  extent. (Szaka)
 
 20/07/2005 - 1.11.1 - Fix several ntfsmount bugs.
 

Index: TODO.ntfsprogs
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/TODO.ntfsprogs,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- TODO.ntfsprogs	24 Jul 2005 22:34:36 -0000	1.20
+++ TODO.ntfsprogs	25 Jul 2005 20:40:08 -0000	1.21
@@ -73,7 +73,6 @@ Thanks,
 **************
 
 High priority
-  - support splitting up $MFT runs
   - move ntfs consistency check to libntfs (for ntfsck, ntfsclone, etc)
   - use different exit codes (e.g. corrupt volume detected, unsupported case, 
     bad sectors, etc) 

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs ntfsresize.c,1.79,1.80 ntfsresize.8.in,1.21,1.22

[Szabolcs S. <sz...@us...>]

Changes by: szaka

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27524/ntfsprogs

Modified Files:
	ntfsresize.c ntfsresize.8.in 
Log Message:
Support resizing into the middle of a $MFT $DATA extent


Index: ntfsresize.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsresize.c,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -p -r1.79 -r1.80
--- ntfsresize.c	24 Jul 2005 22:34:36 -0000	1.79
+++ ntfsresize.c	25 Jul 2005 20:40:07 -0000	1.80
@@ -759,16 +759,10 @@ static void collect_relocation_info(ntfs
 		start = new_vol_size;
 		len = lcn_length - (new_vol_size - lcn);
 
-		if (!opt.info && (inode == FILE_MFT || inode == FILE_MFTMirr)) {
-			s64 last_lcn;
-
-			err_printf("$MFT%s can't be split up yet. Please try "
-				   "a different size.\n", inode ? "Mirr" : "");
-			last_lcn = lcn + lcn_length - 1;
-			if (!(inode == FILE_MFT && rl->vcn == 0) && 
-			    lcn - 1 >= resize->inuse)
-				__print_advise(resize->vol, lcn - 1);
-			print_advise(resize->vol, last_lcn);
+		if (!opt.info && (inode == FILE_MFTMirr)) {
+			err_printf("$MFTMirr can't be split up yet. Please try "
+				   "a different size.\n");
+			print_advise(resize->vol, lcn + lcn_length - 1);
 			exit(1);
 		}
 	}

Index: ntfsresize.8.in
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsresize.8.in,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -p -r1.21 -r1.22
--- ntfsresize.8.in	24 Jul 2005 22:34:36 -0000	1.21
+++ ntfsresize.8.in	25 Jul 2005 20:40:07 -0000	1.22
@@ -183,9 +183,9 @@ to approve your post. 
 .PP
 There are a few very rarely met restrictions at present: filesystems having 
 unknown bad sectors, relocation
-of the first MFT extent and resizing in the middle of some metadata
-in some cases aren't supported yet. These cases are detected and 
-resizing is refused, restricted to a safe size or the closest safe 
+of the first MFT extent and resizing into the middle of a $MFTMirr extent
+aren't supported yet. These cases are detected and 
+resizing is restricted to a safe size or the closest safe 
 size is displayed.
 .PP
 .B Ntfsresize

[Linux-NTFS-cvs] CVS: ntfsprogs ChangeLog,1.249,1.250 TODO.ntfsprogs,1.19,1.20

[Szabolcs S. <sz...@us...>]

Changes by: szaka

Update of /cvsroot/linux-ntfs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4071

Modified Files:
	ChangeLog TODO.ntfsprogs 
Log Message:
Support relocation of $MFT with $ATTRIBUTE_LIST


Index: ChangeLog
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ChangeLog,v
retrieving revision 1.249
retrieving revision 1.250
diff -u -p -r1.249 -r1.250
--- ChangeLog	23 Jul 2005 00:50:31 -0000	1.249
+++ ChangeLog	24 Jul 2005 22:34:36 -0000	1.250
@@ -6,6 +6,11 @@ xx/xx/xxxx - 1.12.0-WIP
 	  ntfs_inode_open.  Update ntfsmount to use them.  (Yura)
 	- index.c::ntfs_index_lookup: fix bug when index context didn't point
 	  on index root in which entry located.  (Yura)
+	- ntfsresize: relocate_attributes(): don't stop processing of MFT 
+	  record attributes at AT_DATA of $BadClus and $Bitmap. In practice, 
+	  there aren't non-resident attributes after them so this bug,
+	  introduced in 1.11.0, shouldn't have ever caused data loss.  (Szaka)
+	- ntfsresize: support relocation of $MFT with $ATTRIBUTE_LIST. (Szaka)
 
 20/07/2005 - 1.11.1 - Fix several ntfsmount bugs.
 

Index: TODO.ntfsprogs
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/TODO.ntfsprogs,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -p -r1.19 -r1.20
--- TODO.ntfsprogs	18 Jul 2005 22:32:37 -0000	1.19
+++ TODO.ntfsprogs	24 Jul 2005 22:34:36 -0000	1.20
@@ -73,7 +73,6 @@ Thanks,
 **************
 
 High priority
-  - support $MFT with $ATTRIBUTE_LIST
   - support splitting up $MFT runs
   - move ntfs consistency check to libntfs (for ntfsck, ntfsclone, etc)
   - use different exit codes (e.g. corrupt volume detected, unsupported case, 

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs ntfsresize.c,1.78,1.79 ntfsresize.8.in,1.20,1.21

[Szabolcs S. <sz...@us...>]

Changes by: szaka

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4071/ntfsprogs

Modified Files:
	ntfsresize.c ntfsresize.8.in 
Log Message:
Support relocation of $MFT with $ATTRIBUTE_LIST


Index: ntfsresize.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsresize.c,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -p -r1.78 -r1.79
--- ntfsresize.c	24 Jul 2005 09:06:55 -0000	1.78
+++ ntfsresize.c	24 Jul 2005 22:34:36 -0000	1.79
@@ -155,6 +155,7 @@ typedef struct {
 	int dirty_inode;	     /* some inode data got relocated */
 	int shrink;		     /* shrink = 1, enlarge = 0 */
 	s64 badclusters;	     /* num of physically dead clusters */
+	VCN mft_highest_vcn;	     /* used for relocating the $MFT */
 	struct progress_bar progress;
 	struct bitmap lcn_bitmap;
 	/* Temporary statistics until all case is supported */
@@ -689,12 +690,10 @@ static void collect_resize_constraints(n
 
 	} else if (inode == FILE_MFT) {
 		llcn = &resize->last_mft;
-
 		/*
-		 *  First run of $MFT AT_DATA and $MFT with AT_ATTRIBUTE_LIST
-		 *  isn't supported yet.
+		 *  First run of $MFT AT_DATA isn't supported yet.
 		 */
-		if ((atype != AT_DATA || rl->vcn) && !NInoAttrList(resize->ni))
+		if (atype != AT_DATA || rl->vcn)
 			supported = 1;
 
 	} else if (NInoAttrList(resize->ni)) {
@@ -1625,7 +1624,56 @@ static void relocate_attribute(ntfs_resi
 	free(rl);
 }
 
-static void relocate_attributes(ntfs_resize_t *resize)
+static int is_mftdata(ntfs_resize_t *resize)
+{
+	if (resize->ctx->attr->type != AT_DATA)
+		return 0;
+
+	if (resize->mref == 0)
+		return 1;
+	
+	if (  MREF(resize->mrec->base_mft_record) == 0  &&
+	    MSEQNO(resize->mrec->base_mft_record) != 0)
+		return 1;
+	
+	return 0;
+}
+
+static int handle_mftdata(ntfs_resize_t *resize, int do_mftdata)
+{
+	ATTR_RECORD *attr = resize->ctx->attr;
+	VCN highest_vcn, lowest_vcn;
+	
+	if (do_mftdata) {
+		
+		if (!is_mftdata(resize))
+			return 0;
+		
+		highest_vcn = sle64_to_cpu(attr->highest_vcn);
+		lowest_vcn  = sle64_to_cpu(attr->lowest_vcn);
+		
+		if (resize->mft_highest_vcn != highest_vcn)
+			return 0;
+		
+		if (lowest_vcn == 0)
+			resize->mft_highest_vcn = lowest_vcn;
+		else
+			resize->mft_highest_vcn = lowest_vcn - 1;
+
+	} else if (is_mftdata(resize)) {
+		
+		highest_vcn = sle64_to_cpu(attr->highest_vcn);
+		
+		if (resize->mft_highest_vcn < highest_vcn)
+			resize->mft_highest_vcn = highest_vcn;
+		
+		return 0;
+	}
+
+	return 1;
+}
+
+static void relocate_attributes(ntfs_resize_t *resize, int do_mftdata)
 {
 	int ret;
 
@@ -1636,6 +1684,9 @@ static void relocate_attributes(ntfs_res
 		if (resize->ctx->attr->type == AT_END)
 			break;
 		
+		if (handle_mftdata(resize, do_mftdata) == 0)
+			continue;
+			
 		ret = has_bad_sectors(resize, 0);
 		if (ret == -1)
 			exit(1);
@@ -1652,7 +1703,7 @@ static void relocate_attributes(ntfs_res
 	ntfs_attr_put_search_ctx(resize->ctx);
 }
 
-static void relocate_inode(ntfs_resize_t *resize, MFT_REF mref)
+static void relocate_inode(ntfs_resize_t *resize, MFT_REF mref, int do_mftdata)
 {
 	if (ntfs_file_record_read(resize->vol, mref, &resize->mrec, NULL)) {
 		/* FIXME: continue only if it make sense, e.g.
@@ -1668,7 +1719,7 @@ static void relocate_inode(ntfs_resize_t
 	resize->mref = mref;
 	resize->dirty_inode = DIRTY_NONE;
 
-	relocate_attributes(resize);
+	relocate_attributes(resize, do_mftdata);
 
 	if (resize->dirty_inode == DIRTY_INODE) {
 //		if (vol->dev->d_ops->sync(vol->dev) == -1)
@@ -1682,6 +1733,7 @@ static void relocate_inodes(ntfs_resize_
 {
 	s64 nr_mft_records;
 	MFT_REF mref;
+	VCN highest_vcn;
 
 	printf("Relocating needed data ...\n");
 
@@ -1695,11 +1747,23 @@ static void relocate_inodes(ntfs_resize_
 	nr_mft_records = resize->vol->mft_na->initialized_size >>
 			resize->vol->mft_record_size_bits;
 
-   	for (mref = 1; mref < (MFT_REF)nr_mft_records; mref++)
-		relocate_inode(resize, mref);
-
-	relocate_inode(resize, 0);
+   	for (mref = 0; mref < (MFT_REF)nr_mft_records; mref++)
+		relocate_inode(resize, mref, 0);
 
+	while(1) {
+		highest_vcn = resize->mft_highest_vcn;
+		mref = nr_mft_records;
+		do {
+			relocate_inode(resize, --mref, 1);
+			if (resize->mft_highest_vcn == 0)
+				goto done;
+		} while (mref);
+
+		if (highest_vcn == resize->mft_highest_vcn)
+			err_exit("Sanity check failed! Highest_vcn = %lld. "
+				 "Please report!", highest_vcn);
+	}
+done:
 	if (resize->mrec)
 		free(resize->mrec);
 }

Index: ntfsresize.8.in
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsresize.8.in,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- ntfsresize.8.in	10 Jul 2005 23:09:02 -0000	1.20
+++ ntfsresize.8.in	24 Jul 2005 22:34:36 -0000	1.21
@@ -1,7 +1,7 @@
 .\" -*- nroff -*-
 .\" Copyright 2002-2005 by Szabolcs Szakacsits  All Rights Reserved.
 .\"
-.TH NTFSRESIZE 8 "Jun 2005" "ntfsprogs version @VERSION@"
+.TH NTFSRESIZE 8 "Jul 2005" "ntfsprogs version @VERSION@"
 .SH NAME
 ntfsresize \- resize an NTFS filesystem without data loss
 .SH SYNOPSIS
@@ -159,7 +159,7 @@ Continue with the real resizing only if 
 Support disks having physical errors, bad sectors. Make a backup by
 .BR ntfsclone (8)
 using option --rescue, then run from the command line 'chkdsk /f /r 
-volume:' on Windows prior using this option with ntfsresize. 
+volume:' on Windows prior using this option.
 
 If the guarantee is still valid for the disk then replace it. It's defected.
 .TP
@@ -181,8 +181,8 @@ don't find your answer then send your qu
 but the mailing list is moderated and it can take a short time
 to approve your post. 
 .PP
-There are some very rarely met limitations at present: filesystems having 
-unknown bad sectors, highly fragmented Master File Table (MFT), relocation
+There are a few very rarely met restrictions at present: filesystems having 
+unknown bad sectors, relocation
 of the first MFT extent and resizing in the middle of some metadata
 in some cases aren't supported yet. These cases are detected and 
 resizing is refused, restricted to a safe size or the closest safe 
@@ -192,7 +192,7 @@ size is displayed.
 schedules an NTFS consistency check and
 after the first boot into Windows you must see
 .B chkdsk 
-running on a blue background. This is intentional.
+running on a blue background. This is intentional and no need to worry about it.
 Windows may force a quick reboot after the consistency check.
 Moreover after repartitioning your disk and depending on the 
 hardware configuration, the Windows message
@@ -222,7 +222,8 @@ at the University of Granada for their c
 furthermore to Erik Meade, Martin Fick, Sandro Hawke, Dave Croal, 
 Lorrin Nelson, Geert Hendrickx, Robert Bjorkman and Richard Burdick 
 for beta testing the relocation support, to Florian Eyben, Fritz Oppliger,
-Richard Ebling, Sid-Ahmed Touati, Jan Kiszka for the valued
+Richard Ebling, Sid-Ahmed Touati, Jan Kiszka, Benjamin Redelings, Christopher
+Haney, Ryan Durk for the valued
 contributions and to Theodore Ts'o whose 
 .BR resize2fs (8)
 man page originally formed the basis of this page.

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.6,1.7 decrypt.h,1.1,1.2

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3086

Modified Files:
	decrypt.c decrypt.h 
Log Message:
Update decryption for desx after more reverse engineering.  Still doesn't work
though.  )-:


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- decrypt.c	22 Jul 2005 23:45:32 -0000	1.6
+++ decrypt.c	24 Jul 2005 14:42:43 -0000	1.7
@@ -96,9 +96,9 @@ typedef struct {
 } DECRYPT_SESSION;
 
 typedef struct {
-	unsigned int gcry_algo;
-	unsigned int gcry_mode;
-	char *key_data;
+	u64 desx_key[3];
+	u8 *key_data;
+	u32 alg_id;
 	gcry_cipher_hd_t gcry_cipher_hd; // handle to the decrypted FEK.
 	gcry_sexp_t sexp_key;  // the user's RSA key.
 #ifdef USE_CRYPTOAPI_RSA
@@ -430,49 +430,41 @@ unsigned int decrypt_decrypt_sector(decr
 	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
 	// doing it by hand after the decryption?
 
-	if (dkey->gcry_mode == GCRY_CIPHER_MODE_CBC) {
+	if (dkey->alg_id != CALG_DESX) {
 		if ((gcry_error2 = gcry_cipher_decrypt(dkey->gcry_cipher_hd,
-					data, 512, NULL, 0))) {
+				data, 512, NULL, 0)))
 			fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
-		}
 	} else {
-		u64 *pos, *end;
-		u64 k2, k3;
-
-		/* DesX is special. */
-		// FIXME: Need to find out which 8 bytes are the DES key...
-		pos = data;
-		end = data + (512/8);
-
-		k2 = *(u64*)dkey->key_data;
-		//k2 = *(u64*)(dkey->key_data + 8);
-		//k2 = *(u64*)(dkey->key_data + 16);
-
-		//k3 = *(u64*)(dkey->key_data);
-		k3 = *(u64*)(dkey->key_data + 8);
-		//k3 = *(u64*)(dkey->key_data + 16);
+		u64 *pos;
 
+		/* Set @pos to last eight bytes of sector @data. */
+		pos = (u64*)(data + 512 - 8);
 		do {
-			*pos ^= k2;
+			/* Apply in-whitening. */
+			*pos ^= dkey->desx_key[0];
+			/* Apply DES decyption. */
 			if ((gcry_error2 = gcry_cipher_decrypt(
-					dkey->gcry_cipher_hd,
-					(unsigned char*)pos, 8, NULL, 0))) {
+					dkey->gcry_cipher_hd, (u8*)pos, 8,
+					NULL, 0)))
 				fprintf(stderr, "gcry_error2 is %u.\n",
 						gcry_error2);
+			/* Apply out-whitening. */
+			*pos ^= dkey->desx_key[1];
+			if (pos == (u64*)data)
 				break;
-			}
-			*pos ^= k3;
-		} while (++pos < end);
-	}
-
-	if (dkey->gcry_algo == GCRY_CIPHER_AES256) {
-		((unsigned long long *)data)[0] ^=
+			*pos ^= *(pos - 1);
+			pos--;
+		} while (1);
+	}
+	/* Apply the IV. */
+	if (dkey->alg_id == CALG_AES) {
+		((u64*)data)[0] ^=
 				0x5816657be9161312LL + offset;
-		((unsigned long long *)data)[1] ^=
+		((u64*)data)[1] ^=
 				0x1989adbe44918961LL + offset;
 	} else {
 		/* All other algos (Des, 3Des, DesX) use the same IV. */
-		((unsigned long long *)data)[0] ^=
+		((u64*)data)[0] ^=
 				0x169119629891ad13LL + offset;
 	}
 	return 512;
@@ -488,7 +480,7 @@ unsigned int decrypt_decrypt_sector(decr
  *
  * FIXME: Is this endianness safe?  I think so but I may be wrong...
  */
-void desx_key_expand(u8 *src, u8* dst) {
+static void desx_key_expand(u8 *src, u8* dst) {
 	static const int salt_len = 12;
 	static const u8 *salt1 = "Dan Simon  ";
 	static const u8 *salt2 = "Scott Field";
@@ -515,85 +507,64 @@ void desx_key_expand(u8 *src, u8* dst) {
 	return;
 }
 
-static decrypt_key *decrypt_make_gcry_key(char *key_data, int gcry_algo) {
-	int gcry_length;
-	gcry_error_t gcry_error2;
+decrypt_key *decrypt_make_key(decrypt_session *session __attribute__((unused)), 
+		unsigned int data_size __attribute__((unused)),
+		unsigned char *data) {
 	DECRYPT_KEY *key;
+	unsigned int key_size, gcry_algo;
+	int gcry_length, gcry_mode;
+	gcry_error_t gcry_error2;
+
+	key_size = *(u32*)data;
 
 	if (!(key = (DECRYPT_KEY *)malloc(sizeof(DECRYPT_KEY)))) {
 		errno = -1;
 		return NULL;
 	}
 
-	key->key_data = key_data;
+	key->alg_id = *(u32*)(data + 8);
+	key->key_data = data + 16;
+	gcry_mode = GCRY_CIPHER_MODE_CBC;
 
-	switch (gcry_algo) {
-	case GCRY_CIPHER_DES_SK:
-		gcry_algo = GCRY_CIPHER_DES;
-		key->gcry_mode = GCRY_CIPHER_MODE_ECB;
+	switch (key->alg_id) {
+	case CALG_DESX:
+		fprintf(stderr, "DESX key of %u bytes\n", key_size);
+		fprintf(stderr, "on-disk key (hex) = 0x%llx, 0x%llx\n",
+				*(u64*)key->key_data, *(u64*)(key->key_data+8));
+		desx_key_expand(key->key_data, (u8*)&key->desx_key);
+		fprintf(stderr, "expanded keys (hex) = 0x%llx, 0x%llx, "
+				"0x%llx\n", key->desx_key[0], key->desx_key[1],
+				key->desx_key[2]);
+		key->key_data = (u8*)&key->desx_key[2];
+		gcry_mode = GCRY_CIPHER_MODE_ECB;
 		gcry_length = 8;
-		//key_data += 8;
-		key_data += 16;
+		gcry_algo = GCRY_CIPHER_DES;
 		break;
-	case GCRY_CIPHER_3DES:
-		key->gcry_mode = GCRY_CIPHER_MODE_CBC;
+	case CALG_3DES:
+		fprintf(stderr, "3DES Key of %u bytes\n", key_size);
 		gcry_length = 24;
+		gcry_algo = GCRY_CIPHER_3DES; 
 		break;
-	case GCRY_CIPHER_AES256:
-		key->gcry_mode = GCRY_CIPHER_MODE_CBC;
+	case CALG_AES_256:
+		fprintf(stderr, "AES Key of %u bytes\n", key_size);
 		gcry_length = 32;
+		gcry_algo = GCRY_CIPHER_AES256;
 		break;
-	case GCRY_CIPHER_DES:
-		key->gcry_mode = GCRY_CIPHER_MODE_CBC;
+	default:
+		fprintf(stderr, "DES key of %u bytes\n", key_size);
 		gcry_length = 8;
+		gcry_algo = GCRY_CIPHER_DES;
 		break;
-	default:
-		errno = ENOTSUP;
-		return 0;
 	}
-
-	if ((gcry_error2 = gcry_cipher_open(&key->gcry_cipher_hd, gcry_algo,
-				key->gcry_mode, 0)) != GPG_ERR_NO_ERROR) {
+	if ((gcry_error2 = gcry_cipher_open(&key->gcry_cipher_hd,
+			gcry_algo, gcry_mode, 0)) != GPG_ERR_NO_ERROR) {
 		fprintf(stderr, "gcry_error1 is %u.\n", gcry_error2);
 		errno = -1;
 		return 0;
 	}
-
 	if ((gcry_error2 = gcry_cipher_setkey(key->gcry_cipher_hd,
-			key_data, gcry_length))) {
+			key->key_data, gcry_length))) {
 		fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
 	}
-
-	key->gcry_algo = gcry_algo;
-
 	return (decrypt_key *)key;
 }
-
-decrypt_key *decrypt_make_key(
-		decrypt_session *session __attribute__((unused)), 
-		unsigned int data_size __attribute__((unused)),
-		void *data) {
-	unsigned int key_size, alg_id;
-	char *key_data;
-	u8 desx_key[192 / 8];
-
-	key_size = *((unsigned int *)data);
-	alg_id   = *(((unsigned int *)data) + 2);
-	key_data = (((char *)data) + 16);
-
-	switch (alg_id) {
-	case CALG_DESX:
-		fprintf(stderr, "DESX key of %u bytes\n", key_size);
-		desx_key_expand(key_data, desx_key);
-		return decrypt_make_gcry_key(desx_key, GCRY_CIPHER_DES_SK); 
-	case CALG_3DES:
-		fprintf(stderr, "3DES Key of %u bytes\n", key_size);
-		return decrypt_make_gcry_key(key_data, GCRY_CIPHER_3DES); 
-	case CALG_AES_256:
-		fprintf(stderr, "AES Key of %u bytes\n", key_size);
-		return decrypt_make_gcry_key(key_data, GCRY_CIPHER_AES256);
-	default:
-		fprintf(stderr, "DES key of %u bytes\n", key_size);
-		return decrypt_make_gcry_key(key_data, GCRY_CIPHER_DES);
-	}
-}

Index: decrypt.h
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- decrypt.h	16 Jul 2005 06:53:53 -0000	1.1
+++ decrypt.h	24 Jul 2005 14:42:43 -0000	1.2
@@ -36,7 +36,7 @@ extern unsigned int decrypt_decrypt(decr
 extern unsigned int decrypt_decrypt_sector(decrypt_key *key, void *data,
 			unsigned long long offset);
 extern decrypt_key *decrypt_make_key(decrypt_session *session,
-			unsigned int data_size, void *data);
+			unsigned int data_size, unsigned char *data);
 extern int decrypt_get_block_size(decrypt_key *key);
 
 #endif /* defined _NTFS_DECRYPT_H */

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs ntfsresize.c,1.77,1.78

[Szabolcs S. <sz...@us...>]

Changes by: szaka

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32748/ntfsprogs

Modified Files:
	ntfsresize.c 
Log Message:
Fix in relocate_attributes(): don't stop processing of MFT record attributes 
at AT_DATA of $BadClus and $Bitmap. In practice, there aren't non-resident
attributes after them so this recent bug shouldn't have caused data loss.


Index: ntfsresize.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/ntfsresize.c,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -p -r1.77 -r1.78
--- ntfsresize.c	18 Jul 2005 22:09:47 -0000	1.77
+++ ntfsresize.c	24 Jul 2005 09:06:55 -0000	1.78
@@ -1640,11 +1640,11 @@ static void relocate_attributes(ntfs_res
 		if (ret == -1)
 			exit(1);
 		else if (ret == 1)
-			break;
+			continue;
 
 		if (resize->mref == FILE_Bitmap && 
 		    resize->ctx->attr->type == AT_DATA)
-			break;
+			continue;
 
 		relocate_attribute(resize);
 	}

[Linux-NTFS-cvs] CVS: ntfsprogs/libntfs attrib.c,1.167,1.168 attrlist.c,1.26,1.27 index.c,1.7,1.8

[Yura P. <cha...@us...>]

Changes by: cha0smaster

Update of /cvsroot/linux-ntfs/ntfsprogs/libntfs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31568/libntfs

Modified Files:
	attrib.c attrlist.c index.c 
Log Message:
* Fix bug in index.c (see Changelog).
* Minor fixes to attr{ib,list}.c.


Index: attrib.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/libntfs/attrib.c,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -p -r1.167 -r1.168
--- attrib.c	6 Jul 2005 22:47:16 -0000	1.167
+++ attrib.c	23 Jul 2005 00:50:32 -0000	1.168
@@ -2858,8 +2858,8 @@ int ntfs_attr_record_rm(ntfs_attr_search
  * @name_len:	name length in unicode characters of the new attribute
  * @size:	size of the new attribute
  *
- * If inode haven't got enough space to add attribute, add attribute to one of it
- * extents, if no extents present or no one of them have enough space, than
+ * If inode haven't got enough space to add attribute, add attribute to one of
+ * it extents, if no extents present or no one of them have enough space, than
  * allocate new extent and add attribute to it.
  *
  * If on one of this steps attribute list is needed but not present, than it is
@@ -4792,20 +4792,7 @@ put_err_out:
  * attribute is made bigger and the attribute is resident the newly
  * "allocated" space is cleared and if the attribute is non-resident the
  * newly allocated space is marked as not initialised and no real allocation
- * on disk is performed. FIXME: Do we have to create sparse runs or can we just
- * leave the runlist to finish below data_size, i.e. can we have
- * allocated_size < data_size? I guess that what we can't and thus we will have
- * to set the sparse bit of the attribute and create sparse runs to ensure that
- * allocated_size is >= data_size. We don't need to clear the partial run at
- * the end of the real allocation because we leave initialized_size low enough.
- * FIXME: Do we want that? Alternatively, we leave initialized_size = data_size
- * and do clear the partial run. The latter approach would be more inline with
- * what windows would do, even though windows wouldn't even make the attribute
- * sparse, it would just allocate clusters instead. TODO: Check what happens on
- * WinXP and 2003. FIXME: Make sure to check what NT4 does with an NTFS1.2
- * volume that has sparse files. I suspect it will blow up so we will need to
- * perform allocations of clusters, like NT4 would do for NTFS1.2 while we can
- * use sparse attributes on NTFS3.x.
+ * on disk is performed.
  *
  * On success return 0 and on error return -1 with errno set to the error code.
  * The following error codes are defined:

Index: attrlist.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/libntfs/attrlist.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27
--- attrlist.c	6 Jul 2005 22:47:16 -0000	1.26
+++ attrlist.c	23 Jul 2005 00:50:33 -0000	1.27
@@ -92,6 +92,7 @@ int ntfs_attrlist_need(ntfs_inode *ni)
  *	EINVAL	- Invalid arguments passed to function.
  *	ENOMEM	- Not enough memory to allocate necessary buffers.
  *	EIO	- I/O error occurred or damaged filesystem.
+ *	EEXIST	- Such attribute already present in attribute list.
  */
 int ntfs_attrlist_entry_add(ntfs_inode *ni, ATTR_RECORD *attr)
 {
@@ -159,7 +160,7 @@ int ntfs_attrlist_entry_add(ntfs_inode *
 			continue;
 		if (sle64_to_cpu(ale->lowest_vcn) ==
 				sle64_to_cpu(attr->lowest_vcn)) {
-			err = EINVAL;
+			err = EEXIST;
 			Dprintf("%s(): Attribute with same type, name and "
 				"lowest vcn already present in attribute "
 				"list.\n", __FUNCTION__);

Index: index.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/libntfs/index.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -r1.7 -r1.8
--- index.c	6 Jul 2005 22:47:17 -0000	1.7
+++ index.c	23 Jul 2005 00:50:34 -0000	1.8
@@ -53,7 +53,7 @@ ntfs_index_context *ntfs_index_ctx_get(n
 		*ictx = (ntfs_index_context) {
 			.ni = ni,
 			.name = name,
-			.name_len = name_len
+			.name_len = name_len,
 		};
 	return ictx;
 }
@@ -88,7 +88,6 @@ void ntfs_index_ctx_put(ntfs_index_conte
 		}
 	}
 	free(ictx);
-	return;
 }
 
 /**
@@ -202,6 +201,7 @@ ir_done:
 			ictx->is_in_root = TRUE;
 			ictx->actx = actx;
 			ictx->ia = NULL;
+			ictx->ir = ir;
 done:
 			ictx->entry = ie;
 			ictx->data = (u8*)ie + offsetof(INDEX_ENTRY, key);

[Linux-NTFS-cvs] CVS: ntfsprogs ChangeLog,1.248,1.249

[Yura P. <cha...@us...>]

Changes by: cha0smaster

Update of /cvsroot/linux-ntfs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31568

Modified Files:
	ChangeLog 
Log Message:
* Fix bug in index.c (see Changelog).
* Minor fixes to attr{ib,list}.c.


Index: ChangeLog
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ChangeLog,v
retrieving revision 1.248
retrieving revision 1.249
diff -u -p -r1.248 -r1.249
--- ChangeLog	20 Jul 2005 19:06:28 -0000	1.248
+++ ChangeLog	23 Jul 2005 00:50:31 -0000	1.249
@@ -3,7 +3,9 @@ xx/xx/xxxx - 1.12.0-WIP
 	- ntfsls: fix showing not system files started with '$'.  (Yura)
 	- Move ntfs2utc and utc2ntfs from utils.[ch] to timeconv.h.  (Yura)
 	- Add [acm]time fields to struct ntfs_inode and set them during
-	  ntfs_inode_open.  Update ntfsmount to use them. (Yura)
+	  ntfs_inode_open.  Update ntfsmount to use them.  (Yura)
+	- index.c::ntfs_index_lookup: fix bug when index context didn't point
+	  on index root in which entry located.  (Yura)
 
 20/07/2005 - 1.11.1 - Fix several ntfsmount bugs.
 

[Linux-NTFS-cvs] CVS: ntfsprogs/ntfsprogs decrypt.c,1.5,1.6

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18201

Modified Files:
	decrypt.c 
Log Message:
First attempts at DesX decryption (not working yet!).


Index: decrypt.c
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ntfsprogs/decrypt.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- decrypt.c	21 Jul 2005 12:12:48 -0000	1.5
+++ decrypt.c	22 Jul 2005 23:45:32 -0000	1.6
@@ -97,6 +97,7 @@ typedef struct {
 
 typedef struct {
 	unsigned int gcry_algo;
+	unsigned int gcry_mode;
 	char *key_data;
 	gcry_cipher_hd_t gcry_cipher_hd; // handle to the decrypted FEK.
 	gcry_sexp_t sexp_key;  // the user's RSA key.
@@ -429,9 +430,39 @@ unsigned int decrypt_decrypt_sector(decr
 	// FIXME: Why are we not calling gcry_cipher_setiv() here instead of
 	// doing it by hand after the decryption?
 
-	if ((gcry_error2 = gcry_cipher_decrypt(dkey->gcry_cipher_hd,
-				data, 512, NULL, 0))) {
-		fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
+	if (dkey->gcry_mode == GCRY_CIPHER_MODE_CBC) {
+		if ((gcry_error2 = gcry_cipher_decrypt(dkey->gcry_cipher_hd,
+					data, 512, NULL, 0))) {
+			fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
+		}
+	} else {
+		u64 *pos, *end;
+		u64 k2, k3;
+
+		/* DesX is special. */
+		// FIXME: Need to find out which 8 bytes are the DES key...
+		pos = data;
+		end = data + (512/8);
+
+		k2 = *(u64*)dkey->key_data;
+		//k2 = *(u64*)(dkey->key_data + 8);
+		//k2 = *(u64*)(dkey->key_data + 16);
+
+		//k3 = *(u64*)(dkey->key_data);
+		k3 = *(u64*)(dkey->key_data + 8);
+		//k3 = *(u64*)(dkey->key_data + 16);
+
+		do {
+			*pos ^= k2;
+			if ((gcry_error2 = gcry_cipher_decrypt(
+					dkey->gcry_cipher_hd,
+					(unsigned char*)pos, 8, NULL, 0))) {
+				fprintf(stderr, "gcry_error2 is %u.\n",
+						gcry_error2);
+				break;
+			}
+			*pos ^= k3;
+		} while (++pos < end);
 	}
 
 	if (dkey->gcry_algo == GCRY_CIPHER_AES256) {
@@ -485,7 +516,7 @@ void desx_key_expand(u8 *src, u8* dst) {
 }
 
 static decrypt_key *decrypt_make_gcry_key(char *key_data, int gcry_algo) {
-	int gcry_mode, gcry_length;
+	int gcry_length;
 	gcry_error_t gcry_error2;
 	DECRYPT_KEY *key;
 
@@ -494,33 +525,42 @@ static decrypt_key *decrypt_make_gcry_ke
 		return NULL;
 	}
 
+	key->key_data = key_data;
+
 	switch (gcry_algo) {
-		case GCRY_CIPHER_DES_SK:
-			gcry_mode = GCRY_CIPHER_MODE_CBC;
-			gcry_length = 24;
-			break;
-		case GCRY_CIPHER_3DES:
-			gcry_mode = GCRY_CIPHER_MODE_CBC;
-			gcry_length = 24;
-			break;
-		case GCRY_CIPHER_AES256:
-			gcry_mode = GCRY_CIPHER_MODE_CBC;
-			gcry_length = 32;
-			break;
-		default:
-			/* FIXME: This should use standard Des. */
-			errno = ENOTSUP;
-			return 0;
+	case GCRY_CIPHER_DES_SK:
+		gcry_algo = GCRY_CIPHER_DES;
+		key->gcry_mode = GCRY_CIPHER_MODE_ECB;
+		gcry_length = 8;
+		//key_data += 8;
+		key_data += 16;
+		break;
+	case GCRY_CIPHER_3DES:
+		key->gcry_mode = GCRY_CIPHER_MODE_CBC;
+		gcry_length = 24;
+		break;
+	case GCRY_CIPHER_AES256:
+		key->gcry_mode = GCRY_CIPHER_MODE_CBC;
+		gcry_length = 32;
+		break;
+	case GCRY_CIPHER_DES:
+		key->gcry_mode = GCRY_CIPHER_MODE_CBC;
+		gcry_length = 8;
+		break;
+	default:
+		errno = ENOTSUP;
+		return 0;
 	}
 
 	if ((gcry_error2 = gcry_cipher_open(&key->gcry_cipher_hd, gcry_algo,
-				gcry_mode, 0)) != GPG_ERR_NO_ERROR) {
+				key->gcry_mode, 0)) != GPG_ERR_NO_ERROR) {
+		fprintf(stderr, "gcry_error1 is %u.\n", gcry_error2);
 		errno = -1;
 		return 0;
 	}
 
-	if ((gcry_error2 = gcry_cipher_setkey(key->gcry_cipher_hd, key_data,
-					gcry_length))) {
+	if ((gcry_error2 = gcry_cipher_setkey(key->gcry_cipher_hd,
+			key_data, gcry_length))) {
 		fprintf(stderr, "gcry_error2 is %u.\n", gcry_error2);
 	}
 
@@ -535,30 +575,25 @@ decrypt_key *decrypt_make_key(
 		void *data) {
 	unsigned int key_size, alg_id;
 	char *key_data;
-	u8 desx_key[192 / 16];
+	u8 desx_key[192 / 8];
 
 	key_size = *((unsigned int *)data);
 	alg_id   = *(((unsigned int *)data) + 2);
 	key_data = (((char *)data) + 16);
 
 	switch (alg_id) {
-		case CALG_DESX:
-			desx_key_expand(key_data, desx_key);
-			//fprintf(stderr, "DESX key of %u bytes\n", key_size);
-			return decrypt_make_gcry_key(desx_key,
-						GCRY_CIPHER_DES_SK); 
-		case CALG_3DES:
-			//fprintf(stderr, "3DES Key of %u bytes\n", key_size);
-			return decrypt_make_gcry_key(key_data,
-						GCRY_CIPHER_3DES); 
-		case CALG_AES_256:
-			//fprintf(stderr, "AES Key of %u bytes\n", key_size);
-			return decrypt_make_gcry_key(key_data,
-						GCRY_CIPHER_AES256);
-		default:
-			//fprintf(stderr, "DES key of %u bytes\n", key_size);
-			fprintf(stderr, "DES is not supported yet.\n");
-			errno = ENOTSUP;
-			return NULL;
+	case CALG_DESX:
+		fprintf(stderr, "DESX key of %u bytes\n", key_size);
+		desx_key_expand(key_data, desx_key);
+		return decrypt_make_gcry_key(desx_key, GCRY_CIPHER_DES_SK); 
+	case CALG_3DES:
+		fprintf(stderr, "3DES Key of %u bytes\n", key_size);
+		return decrypt_make_gcry_key(key_data, GCRY_CIPHER_3DES); 
+	case CALG_AES_256:
+		fprintf(stderr, "AES Key of %u bytes\n", key_size);
+		return decrypt_make_gcry_key(key_data, GCRY_CIPHER_AES256);
+	default:
+		fprintf(stderr, "DES key of %u bytes\n", key_size);
+		return decrypt_make_gcry_key(key_data, GCRY_CIPHER_DES);
 	}
 }

[Linux-NTFS-cvs] CVS: ntfsprogs Makefile.in,1.40,1.41 aclocal.m4,1.33,1.34 config.guess,1.29,1.30 config.sub,1.29,1.30 configure,1.93,1.94 ltmain.sh,1.26,1.27

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv537

Modified Files:
	Makefile.in aclocal.m4 config.guess config.sub configure 
	ltmain.sh 
Log Message:
Add a function to ntfsprogs/decrypt.c that expands an on-disk desx key from 128
bits to the needed 192 bits so it can be used for {en,de}cryption.
Note I couldn't face using the completely insane libgcrypt api so I used
openssl's libcrypto instead...  Anyone feel free to swap once we have it
working.


Index: Makefile.in
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/Makefile.in,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -p -r1.40 -r1.41
--- Makefile.in	20 Jul 2005 19:06:28 -0000	1.40
+++ Makefile.in	21 Jul 2005 12:12:37 -0000	1.41
@@ -144,7 +144,6 @@ ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
 ac_ct_RANLIB = @ac_ct_RANLIB@
 ac_ct_STRIP = @ac_ct_STRIP@
-ac_pt_PKG_CONFIG = @ac_pt_PKG_CONFIG@
 all_includes = @all_includes@
 all_libraries = @all_libraries@
 am__fastdepCC_FALSE = @am__fastdepCC_FALSE@

Index: aclocal.m4
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/aclocal.m4,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- aclocal.m4	20 Jul 2005 19:06:28 -0000	1.33
+++ aclocal.m4	21 Jul 2005 12:12:37 -0000	1.34
@@ -123,7 +123,7 @@ esac
 
 # Sed substitution that helps us do robust quoting.  It backslashifies
 # metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
+Xsed='sed -e s/^X//'
 [sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g']
 
 # Same as above, but do not quote variable references.
@@ -191,7 +191,7 @@ if test -n "$RANLIB"; then
   old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
 fi
[...1071 lines suppressed...]
+
+  if test $succeeded = yes; then
+     ifelse([$3], , :, [$3])
+  else
+     ifelse([$4], , AC_MSG_ERROR([Library requirements ($2) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.]), [$4])
+  fi
+])
+
 
-To get pkg-config, see <http://www.freedesktop.org/software/pkgconfig>.])],
-		[$4])
-else
-	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
-	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
-	ifelse([$3], , :, [$3])
-fi[]dnl
-])# PKG_CHECK_MODULES
 
 # Copyright (C) 2002, 2003, 2005  Free Software Foundation, Inc.
 #

Index: config.guess
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/config.guess,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- config.guess	20 Jul 2005 19:06:32 -0000	1.29
+++ config.guess	21 Jul 2005 12:12:41 -0000	1.30
@@ -136,6 +136,16 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` |
 UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
 UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
 
+case "${UNAME_MACHINE}" in
+    i?86)
+	test -z "$VENDOR" && VENDOR=pc
+	;;
+    *)
+	test -z "$VENDOR" && VENDOR=unknown
+	;;
+esac
+test -f /etc/SuSE-release -o -f /.buildenv && VENDOR=suse
+
 # Note: order is significant - the case branches are not exclusive.
 
 case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
@@ -825,25 +835,25 @@ EOF
 	echo ${UNAME_MACHINE}-pc-minix
 	exit 0 ;;
     arm*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	echo ${UNAME_MACHINE}-${VENDOR}-linux
 	exit 0 ;;
     cris:Linux:*:*)
-	echo cris-axis-linux-gnu
+	echo cris-axis-linux
 	exit 0 ;;
     crisv32:Linux:*:*)
-	echo crisv32-axis-linux-gnu
+	echo crisv32-axis-linux
 	exit 0 ;;
     frv:Linux:*:*)
-    	echo frv-unknown-linux-gnu
+    	echo frv-${VENDOR}-linux
 	exit 0 ;;
     ia64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	echo ${UNAME_MACHINE}-${VENDOR}-linux
 	exit 0 ;;
     m32r*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	echo ${UNAME_MACHINE}-${VENDOR}-linux
 	exit 0 ;;
     m68*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	echo ${UNAME_MACHINE}-${VENDOR}-linux
 	exit 0 ;;
     mips:Linux:*:*)
 	eval $set_cc_for_build
@@ -862,7 +872,7 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-	test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+	test x"${CPU}" != x && echo "${CPU}-${VENDOR}-linux" && exit 0
 	;;
     mips64:Linux:*:*)
 	eval $set_cc_for_build
@@ -881,13 +891,13 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-	test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+	test x"${CPU}" != x && echo "${CPU}-${VENDOR}-linux" && exit 0
 	;;
     ppc:Linux:*:*)
-	echo powerpc-unknown-linux-gnu
+	echo powerpc-${VENDOR}-linux
 	exit 0 ;;
     ppc64:Linux:*:*)
-	echo powerpc64-unknown-linux-gnu
+	echo powerpc64-${VENDOR}-linux
 	exit 0 ;;
     alpha:Linux:*:*)
 	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
@@ -900,34 +910,34 @@ EOF
 	  EV68*) UNAME_MACHINE=alphaev68 ;;
         esac
 	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
-	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
-	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	if test "$?" = 0 ; then LIBC="-libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-${VENDOR}-linux${LIBC}
 	exit 0 ;;
     parisc:Linux:*:* | hppa:Linux:*:*)
 	# Look for CPU level
 	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
-	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
-	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
-	  *)    echo hppa-unknown-linux-gnu ;;
+	  PA7*) echo hppa1.1-${VENDOR}-linux ;;
+	  PA8*) echo hppa2.0-${VENDOR}-linux ;;
+	  *)    echo hppa-${VENDOR}-linux ;;
 	esac
 	exit 0 ;;
     parisc64:Linux:*:* | hppa64:Linux:*:*)
-	echo hppa64-unknown-linux-gnu
+	echo hppa64-${VENDOR}-linux
 	exit 0 ;;
     s390:Linux:*:* | s390x:Linux:*:*)
 	echo ${UNAME_MACHINE}-ibm-linux
 	exit 0 ;;
     sh64*:Linux:*:*)
-    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+    	echo ${UNAME_MACHINE}-${VENDOR}-linux
 	exit 0 ;;
     sh*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	echo ${UNAME_MACHINE}-${VENDOR}-linux
 	exit 0 ;;
     sparc:Linux:*:* | sparc64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	echo ${UNAME_MACHINE}-${VENDOR}-linux
 	exit 0 ;;
     x86_64:Linux:*:*)
-	echo x86_64-unknown-linux-gnu
+	echo x86_64-${VENDOR}-linux
 	exit 0 ;;
     i*86:Linux:*:*)
 	# The BFD linker knows what the default object file format is, so
@@ -942,18 +952,18 @@ EOF
 				    p'`
         case "$ld_supported_targets" in
 	  elf32-i386)
-		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		TENTATIVE="${UNAME_MACHINE}-${VENDOR}-linux"
 		;;
 	  a.out-i386-linux)
-		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		echo "${UNAME_MACHINE}-${VENDOR}-linuxaout"
 		exit 0 ;;
 	  coff-i386)
-		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		echo "${UNAME_MACHINE}-${VENDOR}-linuxcoff"
 		exit 0 ;;
 	  "")
-		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# Either a pre-BFD a.out linker (linuxoldld) or
 		# one that does not give us useful --help.
-		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		echo "${UNAME_MACHINE}-${VENDOR}-linuxoldld"
 		exit 0 ;;
 	esac
 	# Determine whether the default compiler is a.out or elf
@@ -982,7 +992,7 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-	test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
+	test x"${LIBC}" != x && echo "${UNAME_MACHINE}-${VENDOR}-linux-${LIBC}" | sed 's/linux-gnu/linux/' && exit 0
 	test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
 	;;
     i*86:DYNIX/ptx:4*:*)

Index: config.sub
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/config.sub,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- config.sub	20 Jul 2005 19:06:33 -0000	1.29
+++ config.sub	21 Jul 2005 12:12:41 -0000	1.30
@@ -1172,7 +1172,7 @@ case $os in
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
 	      | -chorusos* | -chorusrdb* \
 	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -mingw32* | -linux* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
 	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
@@ -1205,9 +1205,6 @@ case $os in
 	-linux-dietlibc)
 		os=-linux-dietlibc
 		;;
-	-linux*)
-		os=`echo $os | sed -e 's|linux|linux-gnu|'`
-		;;
 	-sunos5*)
 		os=`echo $os | sed -e 's|sunos5|solaris2|'`
 		;;

Index: configure
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/configure,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -p -r1.93 -r1.94
--- configure	20 Jul 2005 19:06:33 -0000	1.93
+++ configure	21 Jul 2005 12:12:41 -0000	1.94
@@ -466,7 +466,7 @@ ac_includes_default="\
 # include <unistd.h>
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar REALLYSTATIC_TRUE REALLYSTATIC_FALSE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CPP EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL PKG_CONFIG ac_pt_PKG_CONFIG LIBNTFS_GNOMEVFS_CFLAGS LIBNTFS_GNOMEVFS_LIBS ENABLE_GNOME_VFS_TRUE ENABLE_GNOME_VFS_FALSE FUSE_MODULE_CFLAGS FUSE_MODULE_LIBS ENABLE_FUSE_MODULE_TRUE ENABLE_FUSE_MODULE_FALSE all_includes all_libraries AUTODIRS LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar REALLYSTATIC_TRUE REALLYSTATIC_FALSE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CPP EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL PKG_CONFIG LIBNTFS_GNOMEVFS_CFLAGS LIBNTFS_GNOMEVFS_LIBS ENABLE_GNOME_VFS_TRUE ENABLE_GNOME_VFS_FALSE FUSE_MODULE_CFLAGS FUSE_MODULE_LIBS ENABLE_FUSE_MODULE_TRUE ENABLE_FUSE_MODULE_FALSE all_includes all_libraries AUTODIRS LIBOBJS LTLIBOBJS'
 ac_subst_files=''
 
 # Initialize some variables set by options.
@@ -947,26 +947,6 @@ ac_env_FFLAGS_set=${FFLAGS+set}
 ac_env_FFLAGS_value=$FFLAGS
 ac_cv_env_FFLAGS_set=${FFLAGS+set}
[...2293 lines suppressed...]
 		fi
 
-else
-	FUSE_MODULE_CFLAGS=$pkg_cv_FUSE_MODULE_CFLAGS
-	FUSE_MODULE_LIBS=$pkg_cv_FUSE_MODULE_LIBS
-	 compile_fuse_module=true
-fi
+  fi
+
 fi
 
 
@@ -23840,7 +23471,6 @@ s,@FFLAGS@,$FFLAGS,;t t
 s,@ac_ct_F77@,$ac_ct_F77,;t t
 s,@LIBTOOL@,$LIBTOOL,;t t
 s,@PKG_CONFIG@,$PKG_CONFIG,;t t
-s,@ac_pt_PKG_CONFIG@,$ac_pt_PKG_CONFIG,;t t
 s,@LIBNTFS_GNOMEVFS_CFLAGS@,$LIBNTFS_GNOMEVFS_CFLAGS,;t t
 s,@LIBNTFS_GNOMEVFS_LIBS@,$LIBNTFS_GNOMEVFS_LIBS,;t t
 s,@ENABLE_GNOME_VFS_TRUE@,$ENABLE_GNOME_VFS_TRUE,;t t

Index: ltmain.sh
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/ltmain.sh,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27
--- ltmain.sh	20 Jul 2005 19:06:40 -0000	1.26
+++ ltmain.sh	21 Jul 2005 12:12:47 -0000	1.27
@@ -17,7 +17,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
@@ -43,8 +43,8 @@ EXIT_FAILURE=1
 
 PROGRAM=ltmain.sh
 PACKAGE=libtool
-VERSION=1.5.18
-TIMESTAMP=" (1.1220.2.245 2005/05/16 08:55:27)"
+VERSION=1.5.14
+TIMESTAMP=" (1.1220.2.195 2005/02/12 12:12:33)"
 
 # See if we are running on zsh, and set the options which allow our
 # commands through without removal of \ escapes.
@@ -112,9 +112,8 @@ if test "${LANG+set}" = set; then
 fi
 
 # Make sure IFS has a sensible default
-lt_nl='
-'
-IFS=" 	$lt_nl"
+: ${IFS=" 	
+"}
 
 if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
   $echo "$modename: not configured to build any kind of library" 1>&2
@@ -251,14 +250,37 @@ func_extract_an_archive ()
 {
     f_ex_an_ar_dir="$1"; shift
     f_ex_an_ar_oldlib="$1"
+    f_ex_an_ar_lib=`$echo "X$f_ex_an_ar_oldlib" | $Xsed -e 's%^.*/%%'`
 
     $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)"
     $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $?
     if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
      :
     else
-      $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2
-      exit $EXIT_FAILURE
+      $echo "$modename: warning: object name conflicts; renaming object files" 1>&2
+      $echo "$modename: warning: to ensure that they will not overwrite" 1>&2
+      $show "cp $f_ex_an_ar_oldlib $f_ex_an_ar_dir/$f_ex_an_ar_lib"
+      $run eval "cp \$f_ex_an_ar_oldlib \$f_ex_an_ar_dir/\$f_ex_an_ar_lib"
+      $AR t "$f_ex_an_ar_oldlib" | sort | uniq -c \
+	| $EGREP -v '^[ 	]*1[ 	]' | while read count name
+      do
+	i=1
+	while test "$i" -le "$count"
+	  do
+	  # Put our $i before any first dot (extension)
+	  # Never overwrite any file
+	  name_to="$name"
+	  while test "X$name_to" = "X$name" || test -f "$f_ex_an_ar_dir/$name_to"
+	    do
+	    name_to=`$echo "X$name_to" | $Xsed -e "s/\([^.]*\)/\1-$i/"`
+	  done
+	  $show "(cd $f_ex_an_ar_dir && $AR x  $f_ex_an_ar_lib '$name' && $mv '$name' '$name_to')"
+	  $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_lib '$name' && $mv '$name' '$name_to' && $AR -d \$f_ex_an_ar_lib '$name')" || exit $?
+	  i=`expr $i + 1`
+	done
+      done
+      $show "$rm $f_ex_an_ar_dir/$f_ex_an_ar_lib"
+      $run eval "$rm \$f_ex_an_ar_dir/\$f_ex_an_ar_lib"
     fi
 }
 
@@ -735,15 +757,6 @@ if test -z "$show_help"; then
       esac
     done
 
-    qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
-    case $qlibobj in
-      *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
-	qlibobj="\"$qlibobj\"" ;;
-    esac
-    if test "X$libobj" != "X$qlibobj"; then
-	$echo "$modename: libobj name \`$libobj' may not contain shell special characters."
-	exit $EXIT_FAILURE
-    fi
     objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
     xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
     if test "X$xdir" = "X$obj"; then
@@ -816,17 +829,12 @@ compiler."
 	$run $rm $removelist
 	exit $EXIT_FAILURE
       fi
-      $echo "$srcfile" > "$lockfile"
+      $echo $srcfile > "$lockfile"
     fi
 
     if test -n "$fix_srcfile_path"; then
       eval srcfile=\"$fix_srcfile_path\"
     fi
-    qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
-    case $qsrcfile in
-      *$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
-      qsrcfile="\"$qsrcfile\"" ;;
-    esac
 
     $run $rm "$libobj" "${libobj}T"
 
@@ -848,10 +856,10 @@ EOF
       fbsd_hideous_sh_bug=$base_compile
 
       if test "$pic_mode" != no; then
-	command="$base_compile $qsrcfile $pic_flag"
+	command="$base_compile $srcfile $pic_flag"
       else
 	# Don't build PIC code
-	command="$base_compile $qsrcfile"
+	command="$base_compile $srcfile"
       fi
 
       if test ! -d "${xdir}$objdir"; then
@@ -931,9 +939,9 @@ EOF
     if test "$build_old_libs" = yes; then
       if test "$pic_mode" != yes; then
 	# Don't build PIC code
-	command="$base_compile $qsrcfile"
+	command="$base_compile $srcfile"
       else
-	command="$base_compile $qsrcfile $pic_flag"
+	command="$base_compile $srcfile $pic_flag"
       fi
       if test "$compiler_c_o" = yes; then
 	command="$command -o $obj"
@@ -1357,8 +1365,6 @@ EOF
 	  ;;
         darwin_framework)
 	  compiler_flags="$compiler_flags $arg"
-	  compile_command="$compile_command $arg"
-	  finalize_command="$finalize_command $arg"
 	  prev=
 	  continue
 	  ;;
@@ -1423,8 +1429,6 @@ EOF
       -framework)
         prev=darwin_framework
         compiler_flags="$compiler_flags $arg"
-	compile_command="$compile_command $arg"
-	finalize_command="$finalize_command $arg"
         continue
         ;;
 
@@ -2848,13 +2852,13 @@ EOF
 	      *) continue ;;
 	      esac
 	      case " $deplibs " in
-	      *" $path "*) ;;
-	      *) deplibs="$path $deplibs" ;;
-	      esac
-	      case " $deplibs " in
 	      *" $depdepl "*) ;;
 	      *) deplibs="$depdepl $deplibs" ;;
 	      esac
+	      case " $deplibs " in
+	      *" $path "*) ;;
+	      *) deplibs="$deplibs $path" ;;
+	      esac
 	    done
 	  fi # link_all_deplibs != no
 	fi # linkmode = lib
@@ -3120,7 +3124,7 @@ EOF
 	case $current in
 	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
 	*)
-	  $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
+	  $echo "$modename: CURRENT \`$current' is not a nonnegative integer" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
 	  exit $EXIT_FAILURE
 	  ;;
@@ -3129,7 +3133,7 @@ EOF
 	case $revision in
 	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
 	*)
-	  $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
+	  $echo "$modename: REVISION \`$revision' is not a nonnegative integer" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
 	  exit $EXIT_FAILURE
 	  ;;
@@ -3138,7 +3142,7 @@ EOF
 	case $age in
 	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
 	*)
-	  $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
+	  $echo "$modename: AGE \`$age' is not a nonnegative integer" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
 	  exit $EXIT_FAILURE
 	  ;;
@@ -5087,63 +5091,6 @@ fi\
       if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
        cmds=$old_archive_from_new_cmds
       else
-	# POSIX demands no paths to be encoded in archives.  We have
-	# to avoid creating archives with duplicate basenames if we
-	# might have to extract them afterwards, e.g., when creating a
-	# static archive out of a convenience library, or when linking
-	# the entirety of a libtool archive into another (currently
-	# not supported by libtool).
-	if (for obj in $oldobjs
-	    do
-	      $echo "X$obj" | $Xsed -e 's%^.*/%%'
-	    done | sort | sort -uc >/dev/null 2>&1); then
-	  :
-	else
-	  $echo "copying selected object files to avoid basename conflicts..."
-
-	  if test -z "$gentop"; then
-	    gentop="$output_objdir/${outputname}x"
-	    generated="$generated $gentop"
-
-	    $show "${rm}r $gentop"
-	    $run ${rm}r "$gentop"
-	    $show "$mkdir $gentop"
-	    $run $mkdir "$gentop"
-	    status=$?
-	    if test "$status" -ne 0 && test ! -d "$gentop"; then
-	      exit $status
-	    fi
-	  fi
-
-	  save_oldobjs=$oldobjs
-	  oldobjs=
-	  counter=1
-	  for obj in $save_oldobjs
-	  do
-	    objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
-	    case " $oldobjs " in
-	    " ") oldobjs=$obj ;;
-	    *[\ /]"$objbase "*)
-	      while :; do
-		# Make sure we don't pick an alternate name that also
-		# overlaps.
-		newobj=lt$counter-$objbase
-		counter=`expr $counter + 1`
-		case " $oldobjs " in
-		*[\ /]"$newobj "*) ;;
-		*) if test ! -f "$gentop/$newobj"; then break; fi ;;
-		esac
-	      done
-	      $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
-	      $run ln "$obj" "$gentop/$newobj" ||
-	      $run cp "$obj" "$gentop/$newobj"
-	      oldobjs="$oldobjs $gentop/$newobj"
-	      ;;
-	    *) oldobjs="$oldobjs $obj" ;;
-	    esac
-	  done
-	fi
-
 	eval cmds=\"$old_archive_cmds\"
 
 	if len=`expr "X$cmds" : ".*"` &&
@@ -5157,7 +5104,20 @@ fi\
 	  objlist=
 	  concat_cmds=
 	  save_oldobjs=$oldobjs
-
+	  # GNU ar 2.10+ was changed to match POSIX; thus no paths are
+	  # encoded into archives.  This makes 'ar r' malfunction in
+	  # this piecewise linking case whenever conflicting object
+	  # names appear in distinct ar calls; check, warn and compensate.
+	    if (for obj in $save_oldobjs
+	    do
+	      $echo "X$obj" | $Xsed -e 's%^.*/%%'
+	    done | sort | sort -uc >/dev/null 2>&1); then
+	    :
+	  else
+	    $echo "$modename: warning: object name conflicts; overriding AR_FLAGS to 'cq'" 1>&2
+	    $echo "$modename: warning: to ensure that POSIX-compatible ar will work" 1>&2
+	    AR_FLAGS=cq
+	  fi
 	  # Is there a better way of finding the last object in the list?
 	  for obj in $save_oldobjs
 	  do
@@ -6066,14 +6026,14 @@ relink_command=\"$relink_command\""
       fi
 
       # Now prepare to actually exec the command.
-      exec_cmd="\$cmd$args"
+      exec_cmd="\"\$cmd\"$args"
     else
       # Display what would be done.
       if test -n "$shlibpath_var"; then
 	eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
 	$echo "export $shlibpath_var"
       fi
-      $echo "$cmd$args"
+      eval \$echo \"\$cmd\"$args
       exit $EXIT_SUCCESS
     fi
     ;;

[Linux-NTFS-cvs] CVS: ntfsprogs/libntfs Makefile.in,1.54,1.55

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/libntfs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv537/libntfs

Modified Files:
	Makefile.in 
Log Message:
Add a function to ntfsprogs/decrypt.c that expands an on-disk desx key from 128
bits to the needed 192 bits so it can be used for {en,de}cryption.
Note I couldn't face using the completely insane libgcrypt api so I used
openssl's libcrypto instead...  Anyone feel free to swap once we have it
working.


Index: Makefile.in
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/libntfs/Makefile.in,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -p -r1.54 -r1.55
--- Makefile.in	20 Jul 2005 19:06:48 -0000	1.54
+++ Makefile.in	21 Jul 2005 12:12:48 -0000	1.55
@@ -194,7 +194,6 @@ ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
 ac_ct_RANLIB = @ac_ct_RANLIB@
 ac_ct_STRIP = @ac_ct_STRIP@
-ac_pt_PKG_CONFIG = @ac_pt_PKG_CONFIG@
 all_includes = @all_includes@
 all_libraries = @all_libraries@
 am__fastdepCC_FALSE = @am__fastdepCC_FALSE@

[Linux-NTFS-cvs] CVS: ntfsprogs/include Makefile.in,1.39,1.40

[Anton A. <an...@us...>]

Changes by: antona

Update of /cvsroot/linux-ntfs/ntfsprogs/include
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv537/include

Modified Files:
	Makefile.in 
Log Message:
Add a function to ntfsprogs/decrypt.c that expands an on-disk desx key from 128
bits to the needed 192 bits so it can be used for {en,de}cryption.
Note I couldn't face using the completely insane libgcrypt api so I used
openssl's libcrypto instead...  Anyone feel free to swap once we have it
working.


Index: Makefile.in
===================================================================
RCS file: /cvsroot/linux-ntfs/ntfsprogs/include/Makefile.in,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -p -r1.39 -r1.40
--- Makefile.in	20 Jul 2005 19:06:47 -0000	1.39
+++ Makefile.in	21 Jul 2005 12:12:47 -0000	1.40
@@ -128,7 +128,6 @@ ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
 ac_ct_RANLIB = @ac_ct_RANLIB@
 ac_ct_STRIP = @ac_ct_STRIP@
-ac_pt_PKG_CONFIG = @ac_pt_PKG_CONFIG@
 all_includes = @all_includes@
 all_libraries = @all_libraries@
 am__fastdepCC_FALSE = @am__fastdepCC_FALSE@