X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=configure.in;h=dba71fa7307258e1547d5e7f07c039210627aedb;hb=37d52bf01b54fcafe0799182f55c2e3d86faf80e;hp=55706a0e154bc8bb296623dc2c53ec49b84b3ede;hpb=54b21c6e461197634f372a539defb98d632e9c9f;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/configure.in b/configure.in index 55706a0..dba71fa 100644 --- a/configure.in +++ b/configure.in @@ -1,9 +1,11 @@ AC_PREREQ([2.67]) -AC_INIT([cryptsetup],[1.4.3-git]) +AC_INIT([cryptsetup],[1.6.0-rc1]) dnl library version from ..[-] LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) -LIBCRYPTSETUP_VERSION_INFO=5:0:1 +LIBCRYPTSETUP_VERSION_INFO=9:0:5 +dnl library file name for FIPS selfcheck +LIBCRYPTSETUP_VERSION_FIPS="libcryptsetup.so.4" AC_CONFIG_SRCDIR(src/cryptsetup.c) AC_CONFIG_MACRO_DIR([m4]) @@ -69,6 +71,18 @@ AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restricti if test "x$with_fips" = "xyes"; then AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions]) + AC_DEFINE_UNQUOTED(LIBCRYPTSETUP_VERSION_FIPS, ["$LIBCRYPTSETUP_VERSION_FIPS"], + [library file name for FIPS selfcheck]) + + if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then + AC_MSG_ERROR([Static build is not compatible with FIPS.]) + fi + + saved_LIBS=$LIBS + AC_CHECK_LIB(fipscheck, FIPSCHECK_verify, ,[AC_MSG_ERROR([You need the fipscheck library.])]) + AC_SUBST(FIPSCHECK_LIBS, $LIBS) + LIBS=$saved_LIBS + fi AC_DEFUN([NO_FIPS], [ @@ -78,6 +92,21 @@ AC_DEFUN([NO_FIPS], [ ]) dnl ========================================================================== +dnl pwquality library (cryptsetup CLI only) +AC_ARG_ENABLE([pwquality], AS_HELP_STRING([--enable-pwquality],[enable password quality checking]), +[with_pwquality=$enableval], +[with_pwquality=no]) + +if test "x$with_pwquality" = "xyes"; then + AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking]) + PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],, + AC_MSG_ERROR([You need pwquality library.])) + + dnl FIXME: this is really hack for now + PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz" +fi + +dnl ========================================================================== dnl Crypto backend functions AC_DEFUN([CONFIGURE_GCRYPT], [ @@ -130,6 +159,12 @@ AC_DEFUN([CONFIGURE_NSS], [ PKG_CHECK_MODULES([NSS], [nss],, AC_MSG_ERROR([You need nss library.])) + + saved_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS $NSS_CFLAGS" + AC_CHECK_DECLS([NSS_GetVersion], [], [], [#include ]) + CFLAGS=$saved_CFLAGS + CRYPTO_CFLAGS=$NSS_CFLAGS CRYPTO_LIBS=$NSS_LIBS NO_FIPS([]) @@ -137,7 +172,7 @@ AC_DEFUN([CONFIGURE_NSS], [ AC_DEFUN([CONFIGURE_KERNEL], [ AC_CHECK_HEADERS(linux/if_alg.h,, - [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])]) + [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])]) # AC_CHECK_DECLS([AF_ALG],, # [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])], # [#include ]) @@ -170,7 +205,17 @@ if test x$enable_static_cryptsetup = xyes; then enable_static=yes fi fi -AM_CONDITIONAL(STATIC_CRYPTSETUP, test x$enable_static_cryptsetup = xyes) +AM_CONDITIONAL(STATIC_TOOLS, test x$enable_static_cryptsetup = xyes) + +AC_ARG_ENABLE(veritysetup, + AS_HELP_STRING([--disable-veritysetup], + [disable veritysetup support]),[], [enable_veritysetup=yes]) +AM_CONDITIONAL(VERITYSETUP, test x$enable_veritysetup = xyes) + +AC_ARG_ENABLE([cryptsetup-reencrypt], + AS_HELP_STRING([--enable-cryptsetup-reencrypt], + [enable cryptsetup-reencrypt tool])) +AM_CONDITIONAL(REENCRYPT, test x$enable_cryptsetup_reencrypt = xyes) AC_ARG_ENABLE(selinux, AS_HELP_STRING([--disable-selinux], @@ -208,6 +253,19 @@ AC_ARG_WITH([crypto_backend], AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]), [], with_crypto_backend=gcrypt ) + +dnl Kernel crypto API backend needed for benchmark and tcrypt +AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto], + [disable kernel userspace crypto (no benchmark and tcrypt)]), + [with_kernel_crypto=$enableval], + [with_kernel_crypto=yes]) + +if test "x$with_kernel_crypto" = "xyes"; then + AC_CHECK_HEADERS(linux/if_alg.h,, + [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])]) + AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto]) +fi + case $with_crypto_backend in gcrypt) CONFIGURE_GCRYPT([]) ;; openssl) CONFIGURE_OPENSSL([]) ;; @@ -257,12 +315,16 @@ fi AC_SUBST([DEVMAPPER_LIBS]) AC_SUBST([DEVMAPPER_STATIC_LIBS]) +AC_SUBST([PWQUALITY_LIBS]) +AC_SUBST([PWQUALITY_STATIC_LIBS]) + AC_SUBST([CRYPTO_CFLAGS]) AC_SUBST([CRYPTO_LIBS]) AC_SUBST([CRYPTO_STATIC_LIBS]) AC_SUBST([LIBCRYPTSETUP_VERSION]) AC_SUBST([LIBCRYPTSETUP_VERSION_INFO]) +AC_SUBST([LIBCRYPTSETUP_VERSION_FIPS]) dnl ========================================================================== AC_ARG_ENABLE([dev-random], AS_HELP_STRING([--enable-dev-random], @@ -315,12 +377,18 @@ CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha1]) CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes]) CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [cbc-essiv:sha256]) CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256]) +CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [1000]) CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes]) CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256]) -CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in kilobytes)], [8192]) -CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in kilobytes)], [512]) +CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192]) +CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in characters)], [512]) + +CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256]) +CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096]) +CS_NUM_WITH([verity-hash-block], [hash block size for verity mode], [4096]) +CS_NUM_WITH([verity-salt-size], [salt size for verity mode], [32]) dnl ========================================================================== @@ -330,6 +398,8 @@ lib/libcryptsetup.pc lib/crypto_backend/Makefile lib/luks1/Makefile lib/loopaes/Makefile +lib/verity/Makefile +lib/tcrypt/Makefile src/Makefile po/Makefile.in man/Makefile