Import stenc-1.0.7

https://sourceforge.net/projects/stenc/files/source/stenc-1.0.7.tar.gz/download

ChangeLog

@@ -1,3 +1,13 @@
+2014-01-06  John Coleman  <jcoleman1981@live.com>
+* Version upgraded to 1.0.7
+* Included unistd.h in scsiencrypt.cpp to prevent compile issue on ArchLinux per report by fukawi2@gmail.com
+* Remove the --enable-swapbit and modified code to use the BYTE_ORDER and__BYTE_ORDER macros
+* -kd argument added to specify a uKAD via command line
+* -k option now required to set the output key file when using the -g option
+* status is now simplified, --detail argument added to restore previous behavior
+* the program now sets the umask when creating a new key file to prevent other users from being able to read it
+* Some devices will issue an I/O error on the first command sent to the device after a tape is inserted.  Modified the program to retry 1 time if the first command fails.
+
 2012-02-29  John Coleman  <ninthclowd@users.sourceforge.net>
 * Version upgraded to 1.0.6
 * The --protect option now should work properly and the --unprotect option has been added.  If you specify neither, the drive will use it's default.

Makefile.in

@@ -139,7 +139,6 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 SET_MAKE = @SET_MAKE@
@@ -502,7 +501,7 @@ distcheck: dist
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
 	esac
-	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	chmod -R a-w $(distdir); chmod u+w $(distdir)
 	mkdir $(distdir)/_build
 	mkdir $(distdir)/_inst
 	chmod a-w $(distdir)

aclocal.m4

@@ -13,8 +13,8 @@
 
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
-[m4_warning([this file was generated for autoconf 2.67.
+[m4_warning([this file was generated for autoconf 2.63.
 You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically `autoreconf'.])])

config.h.in

@@ -15,6 +15,33 @@
 /* "" */
 #undef DISABLE_DEVICE_NAME_CONVERSION
 
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
 /* "" */
 #undef MAX_TAPE_READ_BLOCKS
 
@@ -39,17 +66,11 @@
 /* Define to the one symbol short name of this package. */
 #undef PACKAGE_TARNAME
 
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
-/* "" */
-#undef SWAPBIT
-
 /* Version number of package */
 #undef VERSION

configure.in

@@ -1,11 +1,13 @@
 AC_INIT(src/main.cpp)
 
 PACKAGE=stenc
-VERSION=1.0.6
+VERSION=1.0.7
 
 
 AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
 AC_CONFIG_HEADERS([config.h])
+AC_CHECK_HEADER([sys/types.h])
+AC_CHECK_HEADER([sys/machine.h])
 # Checks for programs
 AC_PROG_CXX
 
@@ -73,27 +75,6 @@ AC_ARG_WITH([static-libgcc],
 	     ],
             [AC_MSG_RESULT(no)])
 
-AC_MSG_CHECKING(whether to swap bit order in SCSI structures)
-AC_ARG_ENABLE([swapbit],
-            [AS_HELP_STRING([--enable-swapbit],[compiles with swapped bit order in structures.  Default for AIX.])],
-	    [enable_swapbit=$enableval],
-	    [
-	     if test "${system}" = "AIX"; then
-		     enable_swapbit="yes"
-	     else
-		     enable_swapbit="no"
-	     fi
-						  
-	     ]
-	    )
-
-if test "$enable_swapbit" = "yes"; then
-	  AC_MSG_RESULT(yes)
-	  AC_DEFINE(SWAPBIT,1,"")
-else
-	  AC_MSG_RESULT(no)
-
-fi
 
 AC_MSG_CHECKING(whether to convert rewinding device names to non-rewinding device names)
 AC_ARG_ENABLE([device-name-conversion],

man/Makefile.in

@@ -110,7 +110,6 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 SET_MAKE = @SET_MAKE@

man/stenc.1

@@ -5,17 +5,20 @@
 stenc - SCSI Tape Hardware Encryption Manager 
 
 .SH SYNOPSIS 
-\fBstenc\fR \fB\-g\fR \fIlength\fR
+\fBstenc\fR \fB\-g\fR \fIlength\fR \fB\-k\fR \fIfile\fR [\fB\-kd\fR \fIdescription\fR]
 .br 
-\fBstenc\fR \fB\-f\fR \fIdevice\fR
+\fBstenc\fR \fB\-f\fR \fIdevice\fR [\fB\-\-detail\fR]
 .br
-\fBstenc\fR \fB\-f\fR \fIdevice\fR \fB\-e\fR \fBon\fR|\fBmixed\fR|\fBrawread\fR [\fB\-a\fR \fIindex\fR] [\fB\-k\fR \fIfile\fR] [\fB\-\-ckod\fR] [\fB\-\-protect\fR | \fB\-\-unprotect\fR] ]
+\fBstenc\fR \fB\-f\fR \fIdevice\fR \fB\-e\fR \fBon\fR|\fBmixed\fR|\fBrawread\fR [\fB\-a\fR \fIindex\fR] [\fB\-k\fR \fIfile\fR] [\fB\-\-ckod\fR] [\fB\-\-protect\fR | \fB\-\-unprotect\fR] 
 .br
-\fBstenc\fR \fB\-f\fR \fIdevice\fR \fB\-e\fR \fBoff\fR
+\fBstenc\fR \fB\-f\fR \fIdevice\fR \fB\-e\fR \fBoff\fR [\fB\-a\fR \fIindex\fR] [\fB\-\-ckod\fR] [\fB\-\-protect\fR | \fB\-\-unprotect\fR]
+.br
+\fBstenc\fR \fB\-\-version\fR
+
 
 .SH AVAILABILITY 
 
-Linux, AIX 5.3
+Linux, AIX
 
 .SH DESCRIPTION 
 
@@ -23,15 +26,15 @@ Allows you to manage hardware encryption on SSP enabled tape devices (LTO4, LTO5
 
 .SH OPTIONS 
 .TP
-\fB\-g \fIlength\fR
+\fB\-g \fIlength\fR \fB\-k\fR \fB<file to save as>\fR [\fB\-kd\fR \fI<key descriptor(uKAD)>\fR]
-Generates a key file of \fIlength\fR (in bits) containing a random hexadecimal key. After entering this option, you will be required to press random keys followed by the enter key.  This will seed the random number generator so that your key is more secure.  After that you will be asked for a location to save your key file to (you will need write permissions to that file location). Lastly you can enter an optional key description (see \fIKEY DESCRIPTORS\fR). This key file can then be used with the \fB\-k\fR option. You should not generate a key file over an unsecured remote session. Typically, key files should be set to 256 bits (32 hexadecimal bytes), however your device may only support 128 bits.
+Generates a key file of \fIlength\fR (in bits) containing a random hexadecimal key. After entering this option, you will be required to press random keys followed by the enter key.  This will seed the random number generator so that your key is more secure.  Specify the file to save the key into with the -k option (you will need write permissions to that file location). Lastly you can enter an optional key description using the -kd flag (see \fIKEY DESCRIPTORS\fR). This key file can then be used with the \fB\-k\fR option. You should not generate a key file over an unsecured remote session. Typically, key files should be set to 256 bits (32 hexadecimal bytes), however your device may only support 128 bits.
 
 .TP
 \fB\-f\fR \fIdevice\fR
 
-Specifies the device to use (i.e. \fI/dev/nst0\fR). Use the \fBlsscsi\fR command to determine the appropriate device to use.  You should always use a device name that does not rewind (i.e. use /dev/nst0 instead of /dev/st0, /dev/rmt0.1 instead of /dev/rmt0).
+Specifies the device to use (i.e. \fI/dev/nst0, /dev/rmt0.1, /dev/sg0\fR). Use the \fBlsscsi\fR command to determine the appropriate device to use.  You should always use a device name that does not rewind (i.e. use /dev/nst0 instead of /dev/st0, /dev/rmt0.1 instead of /dev/rmt0).   Use commands like 'cat /proc/scsi/scsi', 'lsscsi', and 'lsdev' to determine the proper device to use.  On some distros, a /dev/sg device must be used instead of a /dev/st device.
 
-If this is the only option specified, the status of the device will be displayed.  If you are root and the status command fails, either the \fIdevice\fR is incorrect (try another link to the device: \fI/dev/rmt0.1\fR, \fI/dev/nst0\fR, \fI/dev/tape\fR, etc.), a tape may not be in the drive, or the device does not support SCSI Security Protocol. \fBstenc\fR may read up to 100 blocks of the tape, starting at the current position, in order to determine if the volume has been encrypted.  For this reason, you should not run the status command while another process is accessing the drive. If the device returns \fIUnable to determine\fR for the volume encryption status, you may need to move to a section of the tape that contains data (i.e. \fBmt -f <device> fsr <count>\fR) or rewind the tape in order for \fBstenc\fR to output the volume status.
+If this is the only option specified, the status of the device will be displayed.  To retrieve more detailed status information, add \fB\-\-detail\fR.  If you are root and the status command fails, either the \fIdevice\fR is incorrect (try another link to the device: \fI/dev/rmt0.1\fR, \fI/dev/nst0\fR, \fI/dev/tape\fR, etc.), a tape may not be in the drive, you may be using the wrong algorithm for the tape drive (see the \fB\-a\fR option), or the device does not support SCSI Security Protocol. \fBstenc\fR may read up to 100 blocks of the tape, starting at the current position, in order to determine if the volume has been encrypted.  For this reason, you should not run the status command while another process is accessing the drive. If the device returns \fIUnable to determine\fR for the volume encryption status, you may need to move to a section of the tape that contains data (i.e. \fBmt -f <device> fsr <count>\fR) or rewind the tape in order for \fBstenc\fR to output the volume status.
 
 .TP 
 \fB\-e\fR \fBon\fR | \fBmixed\fR | \fBrawread\fR | \fBoff\fR 
@@ -46,27 +49,27 @@ Sets the encryption mode for the device specified with \fB\-f\fR option. Success
 
 \fBoff\fR - The drive will neither encrypt data sent to it, or decrypt encrypted data found on the drive.  If this command fails you may have switch your algorithm or specify a different default key size when you configure the program
 
-\fBWARNING:\fR The SCSI device will revert all encryption settings if the device is power cycled (i.e. system is rebooted). You can modify you local startup script (/etc/rc.local, /etc/rc, etc.) to set encryption at reboot.  If you do this, you will need to use the \fB\-k\fR option to prevent the system from waiting on the local console user to enter the encryption key.
+\fBWARNING:\fR The SCSI device will revert all encryption settings if the tape device is power cycled (if the tape drive is extenal, it may keep the settings even if the system is rebooted). You can modify you local startup script (/etc/rc.local, /etc/rc, etc.) to set encryption at reboot if need be.  If you do this, you will need to use the \fB\-k\fR option to prevent the system from waiting on the local console user to enter the encryption key.
 
 .TP
 \fB\-a\fR \fIindex\fR
 
-Only valid when turning encryption on (see the \fB\-e\fR option). Specifies the algorithm index to use for the device (defaults to 0).  Some devices may fail if this option isn't set to 1 (i.e. HP drives).
+Only valid when setting encryption (see the \fB\-e\fR option). Specifies the algorithm index to use for the device (defaults to 0, which can be changed using the --with-default-algorithm configure option).  Setting encryption on/off may fail on some devices if this is not the correct algorithm for the drive (i.e. HP drives use an algorithm index of 1).
 
 .TP
 \fB\-\-ckod\fR
 
-Only valid when turning encryption on (see the \fB\-e\fR option). Instructs the drive to clear its encryption keys when the volume is unmounted.
+Only valid when setting encryption (see the \fB\-e\fR option). Instructs the drive to clear its encryption keys when the volume is unmounted instead of keeping it until the drive is power cycled.  Some devices may not support this option.
 
 .TP
 \fB\-\-protect\fR | \fB\-\-unprotect\fR
 
-Only valid when turning encryption on (see the \fB\-e\fR option). Instructs the drive to \fBprotect\fR or \fBunprotect\fR any encrypted data from being raw read.  See the \fB\-e rawread\fR option.
+Only valid when setting encryption (see the \fB\-e\fR option). Instructs the drive to \fBprotect\fR or \fBunprotect\fR any encrypted data from being raw read.  See the \fB\-e rawread\fR option.  Some devices may not support these options.
 
 .TP
 \fB\-k\fR \fIfile\fR
 
-Only valid when turning encryption on (see the \fB\-e\fR option). Specifies the location of a file containing a hexadecimal key to use for encryption. The \fB\-g\fR option may be used to generate a random key file that can be used with this option.  See \fIKEY INPUT SYNTAX\fR. If you are going to use a key file, it should be owned by root ('\fBchown root\fR') and only readable by root ('\fBchmod 600\fR'). \fBstenc\fR automatically chmods key files generated with the \fB\-g\fR option.
+Only valid when turning encryption on (see the \fB\-e\fR option) or generating a new key (see the \fB\-g\fR option). When turning encryption on, this specifies the location of a key file previously generated with the \fB\-g\fR option.  When generating a new key with the \fB\-g\fR option, this specifies the key file that the new key will be saved into.  Key files should be owned by root ('\fBchown root\fR') and only readable by root ('\fBchmod 600\fR'). \fBstenc\fR automatically chmods key files generated with the \fB\-g\fR option.
 .SH KEY INPUT SYNTAX
 .TP
 
@@ -82,8 +85,8 @@ All keys should be a maximum of 256 bits (32 bytes).  \fBstenc\fR requires that
 
 .SH EXAMPLE
 .TP 
-\fBstenc -g 256\fR
+\fBstenc -g 256 -k /etc/tape.key -kd "September Tape Key"\fR 
-Generate a random 256 bit key file. 
+Generate a random 256 bit key file with the description "September Tape Key" and save it into /etc/tape.key
 .TP 
 \fBstenc -f /dev/st0 -e on -k /etc/stenc.key\fR
 Turns on encryption on /dev/st0 using the key contained in /etc/stenc.key
@@ -94,8 +97,8 @@ Asks user to input a key in hexadecimal format and then turns on encryption for
 \fBstenc -f /dev/st0 -e off\fR
 Turns off encryption for /dev/st0 
 .TP 
-\fBstenc -f /dev/st0\fR
+\fBstenc -f /dev/st0 --detail\fR
-Outputs the encryption status of /dev/st0
+Outputs the detailed encryption status of /dev/st0
 .TP
 \fBtail /var/log/stenc\fR
 Lists the last few key change audit entries
@@ -110,7 +113,10 @@ Key descriptors are set when using the \fB\-g\fR option or the \fB\-e\fR option.
 Written by \fBJohn Coleman\fR and \fBSamuel Martinez Jr.\fR of SunWest Educational Credit Union. 
 
 .SH REPORTING BUGS
-Report \fBstenc\fR bugs to \fIninthclowd@users.sourceforge.net\fR. 
+Report \fBstenc\fR bugs to \fIjcoleman1981@live.com\fR. 
+
+.SH PROJECT UPDATES
+Visit \fBhttp://sourceforge.net/projects/stenc/\fR for more information.
 
 .SH COPYRIGHT
 Copyright 2012 contributing authors. License GPLv2: GNU GPL version 2 <http://gnu.org/licenses/gpl.html>. This is free software: you are free  to  change  and  redistribute it. There is NO WARRANTY, to the extent permitted by law.

src/Makefile.in

@@ -107,7 +107,6 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 SET_MAKE = @SET_MAKE@

src/main.cpp

@@ -15,7 +15,9 @@ GNU General Public License for more details.
 */
 #include <config.h>
 #include <termios.h>
-#include <unistd.h>
+#ifdef HAVE_UNISTD_H
+ #include <unistd.h>
+#endif
 #include <iostream>
 #include <iomanip>
 #include <sstream>
@@ -31,8 +33,9 @@ GNU General Public License for more details.
 #include "keyinfo.h"
 #define LOGFILE "/var/log/stenc"
 
+
 typedef struct {
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
 	unsigned char bit1:1;
 	unsigned char bit2:1;
 	unsigned char bit3:1;
@@ -56,7 +59,7 @@ using namespace std;
 void showUsage();
 void errorOut(string message);
 void inquiryDrive(string tapeDevice);
-void showDriveStatus(string tapeDevice);
+void showDriveStatus(string tapeDevice,bool detail);
 void showVolumeStatus(string tapeDevice);
 string randomKey(int length);
 string timestamp();
@@ -64,7 +67,6 @@ void echo(bool);
 ofstream logFile;
 //program entry point
 int main(int argc, char **argv){
-    cout<<"stenc v"<<VERSION<<" - SCSI Tape Encryption Manager"<<endl;
 
     bitcheck bc;
     memset(&bc,0,1);
@@ -78,10 +80,10 @@ int main(int argc, char **argv){
 		//this is good
 		break;
 	case 0x48:
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
-		errorOut("Swapped bit ordering detected.  Program needs to be configured with the --enable-swapbit option in order to function properly on your system");
+		errorOut("Swapped bit ordering detected(BI).  Program needs to be configured without the --enable-swapendian option in order to function properly on your system");
 #else
-		errorOut("Swapped bit ordering detected.  Program needs to be configured with the --disable-swapbit option in order to function properly on your system");
+		errorOut("Swapped bit ordering detected(LI).  Program needs to be configured with the --enable-swapendian option in order to function properly on your system");
 #endif
 		break;
 	default:
@@ -91,8 +93,10 @@ int main(int argc, char **argv){
     }
 
     string tapeDrive="";
-    bool setting=false;
+    int action=0; // 0 = status, 1 =setting param, 2 = generating key
-    string keyFile;
+    string keyFile,keyDesc;
+    int keyLength=0;
+    bool detail=false;
     SCSIEncryptOptions drvOptions;
 
     	//First load all of the options
@@ -102,36 +106,22 @@ int main(int argc, char **argv){
         if(i+1<argc){
         	if(strncmp(argv[i+1],"-",1)!=0)nextCmd=argv[i+1];
         }
+	if(thisCmd=="--version"){ 
+	    cout<<"stenc v"<<VERSION<<" - SCSI Tape Encryption Manager"<<endl;
+	    cout<<"http://sourceforge.net/projects/stenc/"<<endl;
+	    exit(EXIT_SUCCESS);
+	    	
+        }
         if(thisCmd=="-g"){ //Check if the help flag was passed.  If it was, show usage and exit
             if(nextCmd=="")errorOut("Key size must be specified when using -g");
             i++; //skip the next argument   
-	    int keylength=atoi(nextCmd.c_str());
+	    keyLength=atoi(nextCmd.c_str());
-	    if (keylength % 8 != 0)errorOut("Key size must be divisible by 8");
+	    if (keyLength % 8 != 0)errorOut("Key size must be divisible by 8");
-	    keylength=keylength/8;
+	    keyLength=keyLength/8;
-            if(keylength>SSP_KEY_LENGTH){
+            if(keyLength>SSP_KEY_LENGTH){
 		cout<<"Warning: Keys over "<<(SSP_KEY_LENGTH*8)<<" bits cannot be used by this program!"<<endl;
 	    }   
-	    string newkey=randomKey(keylength);
+	    action=2; //generating key 
-	    string keyfilename,keydesc;
-	    cout<<"Filename to save key into: ";
-	    getline(cin,keyfilename);
-            cout<<"Key description (optional): ";
-            getline(cin,keydesc);
-	    if(keydesc.size()>SSP_UKAD_LENGTH){
-		errorOut("Description too long!");
-	    }
-            ofstream kf;
-            kf.open(keyfilename.c_str(),ios::trunc);
-            if(!kf.is_open()){
-		errorOut("Could not open '"+keyfilename+"' for writing.");
-
-            }
-	    kf<<newkey<<keydesc;
-	    kf.close();
-            cout<<"Random key saved into '"<<keyfilename<<"'"<<endl;
-            chmod(keyfilename.c_str(),0600);
-            cout<<"Permissions of keyfile set to 600"<<endl;
-            exit(EXIT_SUCCESS);
         }
 	else if(thisCmd=="-e"){
 		if(nextCmd=="")errorOut("Key file not specified after -k option");
@@ -141,39 +131,44 @@ int main(int argc, char **argv){
                 else if(nextCmd=="off")drvOptions.cryptMode=CRYPTMODE_OFF;//encrypt, read encrypted and unencrypted data
                 else errorOut("Unknown encryption mode '"+nextCmd+"'");//encrypt, read encrypted and unencrypted data
 		i++; //skip the next argument				
-		setting=true;
+		action=1;
 	}
         else if(thisCmd=="-f"){
             if(nextCmd=="")errorOut("Device not specified after -f option.");
             tapeDrive=nextCmd; //set the tape drive
 	    i++; //skip the next argument
         }
-	else if(setting){
+	else if(thisCmd=="-k"){
-        	if(thisCmd=="-k"){
 	            if(nextCmd=="")errorOut("Key file not specified after -k option");
         	    keyFile=nextCmd; //set the key file
 		    i++; //skip the next argument
-        	}
+        }
-		else if(thisCmd=="--protect"){
+        else if(thisCmd=="-kd"){
-		    if(drvOptions.rdmc==RDMC_UNPROTECT)errorOut("'--protect' cannot be specified at the same time as '--unprotect'");
+                    if(nextCmd=="")errorOut("Key description not specified after the -kd option");
-		    drvOptions.rdmc=RDMC_PROTECT;
+                    keyDesc=nextCmd; //set the key file
-                }
+		    if(keyDesc.size()>SSP_UKAD_LENGTH){
-                else if(thisCmd=="--unprotect"){
+                	errorOut("Key description too long!");
-		    if(drvOptions.rdmc==RDMC_PROTECT)errorOut("'--unprotect' cannot be specified at the same time as '--protect'");
+            	    }
-                    drvOptions.rdmc=RDMC_UNPROTECT;
+                    i++; //skip the next argument
-                }
+        }
-                else if(thisCmd=="--ckod"){
+	else if(thisCmd=="--protect"){
-                    drvOptions.CKOD=true;
+	    if(drvOptions.rdmc==RDMC_UNPROTECT)errorOut("'--protect' cannot be specified at the same time as '--unprotect'");
-                }
+	    drvOptions.rdmc=RDMC_PROTECT;
-		else if(thisCmd=="-a"){
+        }
-        	    if(nextCmd=="")errorOut("You must specify a numeric algorithm index when using the -a flag");
+        else if(thisCmd=="--unprotect"){
-            	    drvOptions.algorithmIndex=atoi(nextCmd.c_str()); 
+		if(drvOptions.rdmc==RDMC_PROTECT)errorOut("'--unprotect' cannot be specified at the same time as '--protect'");
-		    i++; //skip the next argument
+                drvOptions.rdmc=RDMC_UNPROTECT;
-		}
+        }
-		else{
+        else if(thisCmd=="--ckod"){
-			errorOut("Unknown command '"+thisCmd+"'");
+        	drvOptions.CKOD=true;
-		}
+        }
-			
+        else if(thisCmd=="--detail"){
+                detail=true;
+        }
+	else if(thisCmd=="-a"){
+		if(nextCmd=="")errorOut("You must specify a numeric algorithm index when using the -a flag");
+                drvOptions.algorithmIndex=atoi(nextCmd.c_str()); 
+	        i++; //skip the next argument
         }
 	else{
 		errorOut("Unknown command '"+thisCmd+"'");
@@ -181,6 +176,26 @@ int main(int argc, char **argv){
 
     }
 
+    if(action==2){//generate key
+	    if(keyFile==""){
+		errorOut("Specify file to save into with the -k argument.");
+	    }
+
+	    string newkey=randomKey(keyLength);
+            ofstream kf;
+	    umask(077); //make sure that no one else can read the new key file we are creating
+            kf.open(keyFile.c_str(),ios::trunc);
+            if(!kf.is_open()){
+		errorOut("Could not open '"+keyFile+"' for writing.");
+
+            }
+	    kf<<newkey<<keyDesc;
+	    kf.close();
+            cout<<"Random key saved into '"<<keyFile<<"'"<<endl;
+            chmod(keyFile.c_str(),0600);
+            cout<<"Permissions of keyfile set to 600"<<endl;
+            exit(EXIT_SUCCESS);
+    }
     //validate the tape device
     if(tapeDrive==""){
         errorOut("Tape drive device must be specified with the -f option");
@@ -209,12 +224,14 @@ int main(int argc, char **argv){
     }
     chmod(LOGFILE,0600);	
  
-    if(!setting){
+    if(action==0){
 	cout<<"Status for "<<tapeDrive<<endl;
 	cout<<"--------------------------------------------------"<<endl;
-	inquiryDrive(tapeDrive);
+	if(detail)
-	showDriveStatus(tapeDrive);
+		inquiryDrive(tapeDrive);
-	showVolumeStatus(tapeDrive);
+	showDriveStatus(tapeDrive,detail);
+	if(detail)
+		showVolumeStatus(tapeDrive);
 	exit(EXIT_SUCCESS);
     }
    
@@ -223,7 +240,6 @@ int main(int argc, char **argv){
 	    if(keyFile==""){
 		    string p1="01";
 		    string p2="02";
-		    string kdesc="";
 		    bool done=false;
 		    while(!done){
 			    cout<<"Enter key in hex format: ";
@@ -241,15 +257,6 @@ int main(int argc, char **argv){
 			    }else{
 				ki.load(p1);
 				if(ki.valid){
-					bool descvalid=false;
-					while(!descvalid){
-						cout<<"Key description (optional): ";
-        	                    		getline(cin,kdesc);
-						cout<<endl;
-						descvalid=true;
-						if(kdesc.size()>SSP_UKAD_LENGTH)descvalid=false;
-						if(!descvalid)cout<<"Description too long!"<<endl;
-					}
 					cout<<"Set encryption using this key? [y/n]: ";
 					string ans="";
 					getline(cin,ans);
@@ -259,23 +266,21 @@ int main(int argc, char **argv){
 				}else cout<<"Invalid key!"<<endl;
 			    }
 		    }
-		    drvOptions.keyName=kdesc;
+		    drvOptions.keyName=keyDesc;
 		    
 	    }else{
 		    //set keyInput here
-		    string keyInput,kdesc;
+		    string keyInput;
 		    ifstream myfile(keyFile.c_str());
 		    if (myfile.is_open())
 		    {
 			  getline (myfile,keyInput);
-			  getline (myfile,kdesc);
+			  getline (myfile,keyDesc);
 			  myfile.close();
 			  ki.load(keyInput);
 			  if(!ki.valid)
 				errorOut("Invalid key found in '"+keyFile+"'");
-			  if(kdesc.size()>SSP_UKAD_LENGTH)
+			  drvOptions.keyName=keyDesc;
-				errorOut("Key description in '"+keyFile+"' too long!");
-			  drvOptions.keyName=kdesc;
 		    }else errorOut("Could not open '"+keyFile+"' for reading"); 
 			   
 	    }
@@ -336,7 +341,7 @@ void errorOut(string message){
 
 //shows the command usage
 void showUsage(){
-    cout<<"Usage: stenc -g <length> | -f <device> [-e <on/mixed/rawread/off> [-k <file> ] [-a <number>] [--protect | --unprotect] [--ckod] ]"<<endl;
+    cout<<"Usage: stenc --version | -g <length> -k <file> [-kd <description>] | -f <device> [--detail] [-e <on/mixed/rawread/off> [-k <file>] [-kd <description>] [-a <index>] [--protect | --unprotect] [--ckod] ]"<<endl;
     cout<<"Type 'man stenc' for more information."<<endl;
 }
 void inquiryDrive(string tapeDevice){
@@ -355,51 +360,79 @@ void inquiryDrive(string tapeDevice){
 }
 
 
-void showDriveStatus(string tapeDrive){
+void showDriveStatus(string tapeDrive,bool detail){
         SSP_DES* opt=SSPGetDES(tapeDrive);
 	if(opt==NULL)return;
-        cout<<left<<setw(25)<<"Data Output:";
+	string emode="unknown";
-	switch ((int)opt->des.decryptionMode){
+	cout<<left<<setw(25)<<"Drive Encryption:";
-		case 0x0:
+	if(
-			cout<<"Not decrypting"<<endl;
+		(int)opt->des.encryptionMode==0x2 && //encrypt
-			cout<<setw(25)<<" "<<"Raw encrypted data not outputted"<<endl;
+		(int)opt->des.decryptionMode==0x2 //read only encrypted data
-			break;
+	)
-                case 0x1:
+		emode="on";
-                        cout<<"Not decrypting"<<endl;
+	if(
-                        cout<<setw(25)<<" "<<"Raw encrypted data outputted"<<endl;
+		(int)opt->des.encryptionMode==0x2 && //encrypt
-                        break;
+		(int)opt->des.decryptionMode==0x3 //read encrypted and unencrypted
-		case 0x2:
+	)
-			cout<<"Decrypting"<<endl;
+		emode="mixed";
-			cout<<setw(25)<<" "<<"Unencrypted data not outputted"<<endl;
+
-			break;
+        if(
-		case 0x3:
+                (int)opt->des.encryptionMode==0x2 && //encrypt
-			cout<<"Decrypting"<<endl;
+                (int)opt->des.decryptionMode==0x1 //read encrypted and unencrypted
-			cout<<setw(25)<<" "<<"Unencrypted data outputted"<<endl;
+        )
-			break;
+	        emode="rawread";
-		default:
+
-			cout<<"Unknown '0x"<<hex<<(int)opt->des.decryptionMode<<"' "<<endl;
+        if(
-			break;
+                (int)opt->des.encryptionMode==0x0 && //encrypt
-	}
+                (int)opt->des.decryptionMode==0x0  //read encrypted and unencrypted
-        cout<<setw(25)<<"Data Input:";
+        )
-	switch((int)opt->des.encryptionMode){
+	        emode="off";
-		case 0x0:
+
-			cout<<"Not encrypting"<<endl;
+       cout<<emode<<endl;
-			break;
+       if(detail){
-		case 0x2:
+		cout<<left<<setw(25)<<"Drive Output:";
-			cout<<"Encrypting"<<endl;
+		switch ((int)opt->des.decryptionMode){
-			break;
+			case 0x0:
-		default:
+				cout<<"Not decrypting"<<endl;
-			cout<<"Unknown result '0x"<<hex<<(int)opt->des.encryptionMode<<"'"<<endl;
+				cout<<setw(25)<<" "<<"Raw encrypted data not outputted"<<endl;
-			break;
+				break;
-	}
+			case 0x1:
-	if(opt->des.RDMD==1){
+				cout<<"Not decrypting"<<endl;
-                        cout<<setw(25)<<" "<<"Protecting from raw read"<<endl;
+				cout<<setw(25)<<" "<<"Raw encrypted data outputted"<<endl;
-        }
+				break;
+			case 0x2:
+				cout<<"Decrypting"<<endl;
+				cout<<setw(25)<<" "<<"Unencrypted data not outputted"<<endl;
+				break;
+			case 0x3:
+				cout<<"Decrypting"<<endl;
+				cout<<setw(25)<<" "<<"Unencrypted data outputted"<<endl;
+				break;
+			default:
+				cout<<"Unknown '0x"<<hex<<(int)opt->des.decryptionMode<<"' "<<endl;
+				break;
+		}
+		cout<<setw(25)<<"Drive Input:";
+		switch((int)opt->des.encryptionMode){
+			case 0x0:
+				cout<<"Not encrypting"<<endl;
+				break;
+			case 0x2:
+				cout<<"Encrypting"<<endl;
+				break;
+			default:
+				cout<<"Unknown result '0x"<<hex<<(int)opt->des.encryptionMode<<"'"<<endl;
+				break;
+		}
+		if(opt->des.RDMD==1){
+				cout<<setw(25)<<" "<<"Protecting from raw read"<<endl;
+		}
 		
 
-        cout<<setw(25)<<"Key Instance Counter:"<<dec<<BSLONG(opt->des.keyInstance)<<endl;
+		cout<<setw(25)<<"Key Instance Counter:"<<dec<<BSLONG(opt->des.keyInstance)<<endl;
-	if(opt->des.algorithmIndex!=0){
+		if(opt->des.algorithmIndex!=0){
-		cout<<setw(25)<<"Encryption Algorithm:"<<hex<<(int)opt->des.algorithmIndex<<endl;
+			cout<<setw(25)<<"Encryption Algorithm:"<<hex<<(int)opt->des.algorithmIndex<<endl;
+		}
 	}
 	if(opt->kads.size()>0){
 		for(unsigned int i=0;i<opt->kads.size();i++){

src/scsiencrypt.cpp

@@ -21,7 +21,6 @@ GNU General Public License for more details.
 #include <fcntl.h>
 #include <errno.h>
 #include <sys/ioctl.h>
-
 #ifdef OS_AIX //AIX
  #define _LINUX_SOURCE_COMPAT
  #include <sys/scsi.h>
@@ -40,12 +39,16 @@ GNU General Public License for more details.
 #include <sys/mtio.h>
 #include "scsiencrypt.h"
 
+#ifdef HAVE_UNISTD_H
+ #include <unistd.h> //added for archlinux support per fukawi2@gmail.com
+#endif
 
 #define SSP_SPIN_OPCODE             0XA2
 #define SSP_SPOUT_OPCODE            0XB5
 #define SSP_SP_CMD_LEN              12
 #define SSP_SP_PROTOCOL_TDE         0X20 
 
+#define RETRYCOUNT 1
 
 #define BSINTTOCHAR(x)     (unsigned char)((x & 0xff000000)>>24), (unsigned char)((x & 0x00ff0000)>>16),(unsigned char)((x & 0x0000ff00)>>8),(unsigned char)(x & 0x000000ff)
 
@@ -64,7 +67,7 @@ typedef struct { //structure for setting data encryption
         unsigned char pageCode		[2];
         unsigned char length		[2];
 	
-#ifdef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
         unsigned char scope		:3;
         unsigned char res_bits_1	:4; 
         unsigned char lock		:1;
@@ -74,7 +77,7 @@ typedef struct { //structure for setting data encryption
         unsigned char scope             :3;
 #endif
 
-#ifdef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
         unsigned char CEEM		:2;
         unsigned char RDMC		:2;
         unsigned char sdk		:1;
@@ -292,7 +295,7 @@ bool SCSIWriteEncryptOptions(string tapeDevice, SCSIEncryptOptions* eOptions){
 bool SCSIExecute(string tapedrive, unsigned char* cmd_p,int cmd_len,unsigned char* dxfer_p,int dxfer_len, bool cmd_to_device, bool show_error)
 {
 	const char* tapedevice=tapedrive.c_str();
-	int sg_fd,eresult,sresult;
+	int sg_fd,eresult,sresult,ioerr,retries;
 	SCSI_PAGE_SENSE* sd=new SCSI_PAGE_SENSE;
 	memset(sd,0,sizeof(SCSI_PAGE_SENSE));
 	   
@@ -317,13 +320,15 @@ bool SCSIExecute(string tapedrive, unsigned char* cmd_p,int cmd_len,unsigned cha
 	cmdio.status_validity=SC_SCSI_ERROR;
 	cmdio.flags=(cmd_to_device)?B_WRITE:B_READ;
 
-	errno=0;
+	retries=0;
-	eresult=ioctl(sg_fd, STIOCMD, &cmdio);
+	do{
-    	sresult=(int)cmdio.scsi_bus_status;
+		errno=0;
-	
+		eresult=ioctl(sg_fd, STIOCMD, &cmdio);
-	if(eresult!=0 && show_error){
+    		sresult=(int)cmdio.scsi_bus_status;
-		readIOError(errno);
+		if(eresult!=0)
-	}
+			ioerr=errno;
+		retries++;
+	}while(errno!=0 && retries<=RETRYCOUNT);
 	
 								       
 	if(sresult==SC_CHECK_CONDITION){ //get the sense data
@@ -340,15 +345,7 @@ bool SCSIExecute(string tapedrive, unsigned char* cmd_p,int cmd_len,unsigned cha
 		scmdio.flags=B_READ;
 
 		errno=0;
-		if(!ioctl(sg_fd, STIOCMD, &scmdio)){
+		ioctl(sg_fd, STIOCMD, &scmdio);
-			if(show_error)
-				outputSense(sd);	
-		}else{
-			if(show_error){
-				cout<<"Error retrieving sense: ";
-				readIOError(errno);
-			}
-		}
 
 	}
 
@@ -373,18 +370,17 @@ bool SCSIExecute(string tapedrive, unsigned char* cmd_p,int cmd_len,unsigned cha
         cmdio.mx_sb_len=sizeof(SCSI_PAGE_SENSE);
 	cmdio.timeout = SCSI_TIMEOUT; 
 	cmdio.interface_id = 'S';
+        retries=0;
+        do{
+                errno=0;
+		eresult=ioctl(sg_fd, SG_IO, &cmdio);
+                if(eresult!=0)
+                        ioerr=errno;
+                retries++;
+        }while(errno!=0 && retries<=RETRYCOUNT);
 
-	errno=0;
-	eresult=ioctl(sg_fd, SG_IO, &cmdio);
 
-    	if(eresult!=0){
-		readIOError(errno);
-	}
 	sresult=cmdio.status;
-	if(sresult!=0 && show_error){ 
-                 outputSense(sd);
-
-	}
 #endif
 #ifdef DEBUGSCSI
 	cout<<"SCSI Command: ";
@@ -402,12 +398,23 @@ bool SCSIExecute(string tapedrive, unsigned char* cmd_p,int cmd_len,unsigned cha
 #endif
 	close(sg_fd);
 	
-	delete sd;
 
-	if(eresult!=0||sresult!=0){
+	bool retval=true;	
-             return false;
+
+ 	if(eresult!=0){
+		if(show_error)
+	                readIOError(ioerr);		
+		retval=false;
+
+        }
+
+	if(sresult!=0){
+ 		if(show_error)
+                	outputSense(sd);
+                retval=false;
 	}
-     	return true;
+	delete sd;
+     	return retval;
 }
 void byteswap(unsigned char* array,int size,int value){
 	switch(size){

src/scsiencrypt.h

@@ -42,12 +42,47 @@ GNU General Public License for more details.
 //macro for a byte swapped int
 #define BSLONG( x )    ((unsigned int)( (int)( x[0] << 24 ) + (int)( x[1] << 16 ) + (int)( x[2] << 8 ) + (int)( x[3] ) ))
 
+#ifdef HAVE_SYS_MACHINE_H
+ #include <sys/machine.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H 
+ #include <sys/types.h>
+#endif
+
+#ifdef BYTE_ORDER
+ #define STENC_BYTE_ORDER BYTE_ORDER
+#endif
+#ifndef STENC_BYTE_ORDER
+ #ifdef __BYTE_ORDER
+  #define STENC_BYTE_ORDER __BYTE_ORDER
+ #endif
+#endif
+
+#ifdef BIG_ENDIAN
+ #define STENC_TYPE_BIG_ENDIAN BIG_ENDIAN
+#endif
+#ifndef STENC_TYPE_BIG_ENDIAN
+ #ifdef __BIG_ENDIAN
+  #define STENC_TYPE_BIG_ENDIAN __BIG_ENDIAN
+ #endif
+#endif
+
+#if STENC_BYTE_ORDER == STENC_TYPE_BIG_ENDIAN
+ #define STENC_BIG_ENDIAN 1
+#else
+ #define STENC_BIG_ENDIAN 0
+#endif
+
+
+
 
 
 typedef struct {
     unsigned char pageCode		[2]; 
     unsigned char length		[2];
-#ifdef SWAPBIT
+
+#if STENC_BIG_ENDIAN == 1
     unsigned char nexusScope 		:3;
     unsigned char res_bits_1		:2;
     unsigned char keyScope		:3;
@@ -60,7 +95,7 @@ typedef struct {
     unsigned char decryptionMode;
     unsigned char algorithmIndex;
     unsigned char keyInstance		[4];
-#ifdef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
     unsigned char res_bits_2		:1;
     unsigned char parametersControl	:3;
     unsigned char VCELB			:1;
@@ -82,7 +117,7 @@ typedef struct {
 
 typedef struct {
     unsigned char type;
-#ifdef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
     unsigned char res_bits_1 		:5;
     unsigned char authenticated 	:3;
 #else
@@ -104,7 +139,7 @@ typedef struct {
     unsigned char pageCode		[2];
     unsigned char length		[2];
     unsigned char log_obj_num		[8];
-#ifdef SWAPBIT    
+#if STENC_BIG_ENDIAN == 1    
     unsigned char compressionStatus 	:4;
     unsigned char encryptionStatus 	:4;
 #else
@@ -113,7 +148,7 @@ typedef struct {
 #endif
 	    
     unsigned char algorithmIndex;
-#ifdef SWAPBIT    
+#if STENC_BIG_ENDIAN == 1    
     unsigned char res_bits_1 		:6;
     unsigned char EMES 			:1;
     unsigned char RDMDS 		:1;
@@ -129,7 +164,7 @@ typedef struct {
 
 typedef struct{
     
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
     unsigned char peripheralQualifier	:3;
     unsigned char periphrealDeviceType	:5;
 #else
@@ -137,7 +172,7 @@ typedef struct{
     unsigned char peripheralQualifier	:3;
 #endif
 
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
     unsigned char RMB			:1;
     unsigned char res_bits_1		:7;
 #else
@@ -146,7 +181,7 @@ typedef struct{
 #endif
     unsigned char Version		[1];
 
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
     unsigned char obs_bits_1		:2;
     unsigned char NORMACA		:1;
     unsigned char HISUP			:1;
@@ -160,7 +195,7 @@ typedef struct{
 
     unsigned char additionalLength	[1];
     
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
     unsigned char SCCS			:1;
     unsigned char ACC			:1;
     unsigned char TPGS			:2;
@@ -177,7 +212,7 @@ typedef struct{
 #endif
 
 
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
     unsigned char obs_bits_2		:1;
     unsigned char ENCSERV		:1;
     unsigned char VS			:1;
@@ -196,7 +231,7 @@ typedef struct{
 #endif
 
 
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
     unsigned char obs_bits_4		:2;
     unsigned char WBUS16		:1;
     unsigned char SYNC			:1;
@@ -218,7 +253,7 @@ typedef struct{
     unsigned char SN			[7];
     unsigned char venderUnique		[12];
 
-#ifndef SWAPBIT
+#if STENC_BIG_ENDIAN == 0
     unsigned char res_bits_3		:4;
     unsigned char CLOCKING		:2;
     unsigned char QAS			:1;
@@ -236,7 +271,7 @@ typedef struct{
     unsigned char copyright		[1];																			
 } SCSI_PAGE_INQ; //device inquiry response
 typedef struct{
-#ifdef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
 	unsigned char valid		:1;
 	unsigned char responseCode 	:7;
 #else
@@ -245,7 +280,7 @@ typedef struct{
 #endif	
 	unsigned char res_bits_1;
 
-#ifdef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
 	unsigned char filemark		:1;
 	unsigned char EOM		:1;
 	unsigned char ILI		:1;
@@ -264,7 +299,7 @@ typedef struct{
 	unsigned char addSenseCode;
 	unsigned char addSenseCodeQual;
 	unsigned char fieldRepUnitCode;
-#ifdef SWAPBIT
+#if STENC_BIG_ENDIAN == 1
 	unsigned char sim		:3; // system information message 
 	unsigned char bpv		:1; // bit pointer valid 
 	unsigned char resvd2		:2; // reserved