Yes, that could be it. /usr/include/linux is a directory under Debian and it has stuff in it even if you do not have a kernel-header or kernel package installed. Apparently these files come from the linux-libc-dev package and seems to be a subset (and older) of what is in /usr/src/linux-3.4.19/include/linux/ Anyways, moved /usr/include/linux out of the way and linked /usr/src/linux-3.4.19/include/linux to /usr/include/linux (via intermediate link to hide kernel version), and cryptsetup compiles. Milan: I think presence of if_alg.h should be verified in the configure script, possibly with a brief explanation what the problem is on fail. The compile-error is a bit obscure. One error on make-check: "lsblk: command not found" => UUID check failed. Seems lsblk is not available on Debian squeeze. It is in wheezy though, so that should fix itself with a bit of time.. Anyways, good job! I really like the true-crypt stuff, so far it was a pain to move anything between Linux and Windows (both encrypted) on my laptop. Arno On Sun, Dec 30, 2012 at 09:56:20AM +0100, Sven Eschenberg wrote: > Hi Arno, > > On my sys I have the file /usr/include/linux/if_alg.h in the > kernel-headers package (not debian). > > And the source file in the kernel is: > /usr/src/linux-3.4.13/include/linux/if_alg.h > or /usr/src/linux/include/linux/if_alg.h for that matter > > The question though is, whether your /usr/include/linux is a link or > provided by a kernel header package. If it's a proper link you should not > run into the problem described. > > Hope this helps. > > -Sven > > On Sun, December 30, 2012 09:38, Arno Wagner wrote: > > Hmm. Fails to build because it does not find linux/if_alg.h > > This is on Debian with a self-compiled 3.4.19. I suspect > > some link to the kernel-headers is missing. Can anybody tell > > me what I should link where? Kernel dir is linked to /usr/src/linux > > as traditional. > > > > Arno > > > > On Sat, Dec 29, 2012 at 10:40:44PM +0100, Milan Broz wrote: > >> > >> The testing release candidate cryptsetup 1.6.0-rc1 is available at > >> > >> http://code.google.com/p/cryptsetup/ > >> > >> Feedback and bug reports are welcomed. > >> > >> Cryptsetup 1.6.0 Release Notes (RC1) > >> ==================================== > >> > >> Changes since version 1.5.1 > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> > >> Important changes > >> ~~~~~~~~~~~~~~~~~ > >> > >> * Cryptsetup and libcryptsetup is now released under GPLv2+ > >> (GPL version 2 or any later). > >> Some internal code handling files (loopaes, verity, tcrypt > >> and crypto backend wrapper) are LGPLv2+. > >> > >> Previously code was GPL version 2 only. > >> > >> > >> * Introducing new unified command open and close. > >> > >> Example: > >> cryptsetup open --type plain|luks|loopaes|tcrypt <device> <name> > >> (type defaults to luks) > >> > >> with backward-compatible aliases plainOpen, luksOpen, loopaesOpen, > >> tcryptOpen. Basically "open --type xyz" has alias "xyzOpen". > >> > >> The "create" command (plain device create) is DEPRECATED but will > >> be still supported. > >> (This command is confusing because of switched arguments order.) > >> > >> The close command is generic command to remove mapping and have > >> backward compatible aliases (remove, luksClose, ...) which behaves > >> exactly the same. > >> > >> While all old syntax is still supported, I strongly suggest to use > >> new command syntax which is common for all device types (and possible > >> new formats added in future). > >> > >> > >> * cryptsetup now support directly TCRYPT (TrueCrypt and compatible > >> tc-play) > >> on-disk format > >> (Code is independent implementation not related to original project). > >> > >> Only dump (tcryptDump command) and activation (open --type tcrypt or > >> tcryptOpen) > >> of TCRYPT device are supported. No header changes are supported. > >> > >> It is intended to easily access containers shared with other > >> operating systems > >> without need to install 3rd party software. For native Linux > >> installations LUKS > >> is the preferred format. > >> > >> WARNING: TCRYPT extension requires kernel userspace crypto API to > >> be available > >> (kernel af_alg and algif_skcipher modules, introduced in Linux kernel > >> 2.6.38). > >> > >> Because TCRYPT header is encrypted, you have to always provide > >> valid > >> passphrase and keyfiles. Keyfiles are handled exactly the same as in > >> original > >> format (basically, first 1MB of every keyfile is mixed using CRC32 > >> into pool). > >> > >> Cryptsetup should recognize all TCRYPT header variants ever released, > >> except > >> legacy cipher chains using LRW encryption mode with 64 bits > >> encryption block > >> (namely Blowfish in LRW mode is not recognized, this is limitation of > >> kernel > >> crypto API). > >> > >> Device activation is supported only for LRW/XTS modes (again, > >> limitation > >> of kernel dmcrypt which do not implements TCRYPT extensions to CBC > >> mode). > >> (So old containers cannot be activated, but you can use libcryptsetup > >> for lost password search, example of such code is included in misc > >> directory.) > >> > >> Hidden header are supported using --tcrypt-hidden option, system > >> encryption > >> using --tcrypt-system option. > >> > >> For detailed description see man page. > >> > >> EXAMPLE: > >> * Dump device parameters of container in file: > >> > >> # cryptsetup tcryptDump tst > >> Enter passphrase: > >> > >> TCRYPT header information for tst > >> Version: 5 > >> Driver req.: 7 > >> Sector size: 512 > >> MK offset: 131072 > >> PBKDF2 hash: sha512 > >> Cipher chain: serpent-twofish-aes > >> Cipher mode: xts-plain64 > >> MK bits: 1536 > >> > >> You can also dump master key using --dump-master-key. > >> Dump does not require superuser privilege. > >> > >> * Activation of this container > >> > >> # cryptsetup tcryptOpen tst tcrypt_dev > >> Enter passphrase: > >> (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.) > >> > >> * See status of active TCRYPT device > >> > >> # cryptsetup status tcrypt_dev > >> > >> /dev/mapper/tcrypt_dev is active. > >> type: TCRYPT > >> cipher: serpent-twofish-aes-xts-plain64 > >> keysize: 1536 bits > >> device: /dev/loop0 > >> loop: /tmp/tst > >> offset: 256 sectors > >> size: 65024 sectors > >> skipped: 256 sectors > >> mode: read/write > >> > >> * And plaintext filesystem now ready to mount > >> > >> # blkid /dev/mapper/tcrypt_dev > >> /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" > >> TYPE="vfat" > >> > >> > >> * Add (optional) support for lipwquality for new LUKS passwords. > >> > >> If password is entered through terminal (no keyfile specified) > >> and cryptsetup is compiled with --enable-pwquality, default > >> system pwquality settings are used to check password quality. > >> > >> You can always override this check by using new --force-password > >> option. > >> > >> For more info about pwquality project see > >> http://libpwquality.fedorahosted.org/ > >> > >> > >> * Proper handle interrupt signals (ctrl+c and TERM signal) in tools > >> > >> Code should now handle interrupt properly, release and explicitly > >> wipe > >> in-memory key materials on interrupt. > >> (Direct users of libcryptsetup should always call crypt_free() when > >> code is interrupted to wipe all resources. There is no signal > >> handling > >> in library, it is up to the tool using it.) > >> > >> > >> * Add new benchmark command > >> > >> The "benchmark" command now tries to benchmark PBKDF2 and some block > >> cipher variants. You can specify you own parameters > >> (--cipher/--key-size > >> for block ciphers, --hash for PBKDF2). > >> > >> See man page for detailed description. > >> > >> WARNING: benchmark requires kernel userspace crypto API to be > >> available > >> (kernel af_alg and algif_skcipher modules, introduced in Linux > >> kernel 2.6.38). > >> > >> EXAMPLE: > >> # cryptsetup benchmark > >> # Tests are approximate using memory only (no storage IO). > >> PBKDF2-sha1 111077 iterations per second > >> PBKDF2-sha256 53718 iterations per second > >> PBKDF2-sha512 18832 iterations per second > >> PBKDF2-ripemd160 89775 iterations per second > >> PBKDF2-whirlpool 23918 iterations per second > >> # Algorithm | Key | Encryption | Decryption > >> aes-cbc 128b 212.0 MiB/s 428.0 MiB/s > >> serpent-cbc 128b 23.1 MiB/s 66.0 MiB/s > >> twofish-cbc 128b 46.1 MiB/s 50.5 MiB/s > >> aes-cbc 256b 163.0 MiB/s 350.0 MiB/s > >> serpent-cbc 256b 23.1 MiB/s 66.0 MiB/s > >> twofish-cbc 256b 47.0 MiB/s 50.0 MiB/s > >> aes-xts 256b 190.0 MiB/s 190.0 MiB/s > >> serpent-xts 256b 58.4 MiB/s 58.0 MiB/s > >> twofish-xts 256b 49.0 MiB/s 49.5 MiB/s > >> aes-xts 512b 175.0 MiB/s 175.0 MiB/s > >> serpent-xts 512b 59.0 MiB/s 58.0 MiB/s > >> twofish-xts 512b 48.5 MiB/s 49.5 MiB/s > >> > >> Or you can specify cipher yourself: > >> # cryptsetup benchmark --cipher cast5-cbc-essiv:sha256 -s 128 > >> # Tests are approximate using memory only (no storage IO). > >> # Algorithm | Key | Encryption | Decryption > >> cast5-cbc 128b 32.4 MiB/s 35.0 MiB/s > >> > >> WARNING: these tests do not use dmcrypt, only crypto API. > >> You have to benchmark the whole device stack and you can get > >> completely > >> different results. But is is usable for basic comparison. > >> (Note for example AES-NI decryption optimization effect in example > >> above.) > >> > >> Features > >> ~~~~~~~~ > >> > >> * Do not maintain ChangeLog file anymore, see git log for detailed > >> changes, > >> e.g. here http://code.google.com/p/cryptsetup/source/list > >> > >> * Move change key into library, add > >> crypt_keyslot_change_by_passphrase(). > >> This change is useful mainly in FIPS mode, where we cannot > >> extract volume key directly from libcryptsetup. > >> > >> * Add verbose messages during reencryption. > >> > >> * Default LUKS PBKDF2 iteration time is now configurable. > >> > >> * Add simple cipher benchmarking API. > >> > >> * Add kernel skcipher backend. > >> > >> * Add CRC32 implementation (for TCRYPT). > >> > >> * Move PBKDF2 into crypto backend wrapper. > >> This allows use it in other formats, use library implementations and > >> also possible use of different KDF function in future. > >> > >> * New PBKDF2 benchmark using getrusage(). > >> > >> Fixes > >> ~~~~~ > >> > >> * Avoid O_DIRECT open if underlying storage doesn't support it. > >> > >> * Fix some non-translated messages. > >> > >> * Fix regression in header backup (1.5.1) with container in file. > >> > >> * Fix blockwise read/write for end writes near end of device. > >> (was not used in previous versions) > >> > >> * Ignore setpriority failure. > >> > >> * Code changes to fix/ignore problems found by Coverity static > >> analysis, including > >> - Get page size should never fail. > >> - Fix time of check/use (TOCTOU test) in tools > >> - Fix time of check/use in loop/wipe utils. > >> - Fix time of check/use in device utils. > >> > >> * Disallow header restore if context is non-LUKS device. > >> _______________________________________________ > >> dm-crypt mailing list > >> dm-crypt@xxxxxxxx > >> http://www.saout.de/mailman/listinfo/dm-crypt > > > > -- > > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx > > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D > > 9718 > > ---- > > One of the painful things about our time is that those who feel certainty > > are stupid, and those with any imagination and understanding are filled > > with doubt and indecision. -- Bertrand Russell > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
