almost-baked cascaded cipher support

commit a250434c3786bb54b06b98bc174b64da1f2f24af 1 parent 6ee09f3
@bwalex authored
Showing with 102 additions and 58 deletions.
  1. +0 −1  crypto-dev.c
  2. +95 −56 tc-play.c
  3. +7 −1 tc-play.h
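--- a/crypto-dev.c
+++ b/crypto-dev.c
@@ -159,7 +159,6 @@ tc_crypto_init(void)
 return 0;
 }
-static
 int
 tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain,
 unsigned char *key)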
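--- a/tc-play.c
+++ b/tc-play.c
@@ -212,9 +212,10 @@ new_info(const char *dev, struct tc_cipher_chain *cipher_chain,
 {
 struct tcplay_info *info;
 size_t i;
+ int err;
 if ((info = (struct tcplay_info *)alloc_safe_mem(sizeof(*info))) == NULL) {
- fprintf(stderr, "could not allocate safe info memory");
+ fprintf(stderr, "could not allocate safe info memory\n");
 return NULL;
 }
@@ -227,12 +228,17 @@ new_info(const char *dev, struct tc_cipher_chain *cipher_chain,
 info->skip = hdr->off_mk_scope / hdr->sec_sz; /* iv skip */
 info->offset = hdr->off_mk_scope / hdr->sec_sz; /* block offset */
-#if 0
- /* XXX: broken */
- for (i = 0; i < cipher->klen; i++) {
- sprintf(&info->key[i*2], "%02x", hdr->keys[i]);
+ err = tc_cipher_chain_populate_keys(cipher_chain, hdr->keys);
+ if (err) {
+ fprintf(stderr, "could not populate keys in cipher chain\n");
+ return NULL;
+ }
+
+ for (; cipher_chain != NULL; cipher_chain = cipher_chain->next) {
+ for (i = 0; i < cipher_chain->cipher->klen; i++)
+ sprintf(&cipher_chain->dm_key[i*2], "%02x",
+ cipher_chain->key[i]);
 }
-#endif
 return info;
 }
@@ -497,78 +503,111 @@ create_volume(const char *dev, int hidden, const char *keyfiles[], int nkeyfiles
 int
 dm_setup(const char *mapname, struct tcplay_info *info)
 {
+ struct tc_cipher_chain *cipher_chain;
 struct dm_task *dmt = NULL;
 struct dm_info dmi;
 char *params = NULL;
 char *uu;
 uint32_t status;
 int ret = 0;
+ int j;
+ off_t start, skip, offset;
+ char dev[PATH_MAX];
+ char map[PATH_MAX];
 if ((params = alloc_safe_mem(512)) == NULL) {
 fprintf(stderr, "could not allocate safe parameters memory");
 return ENOMEM;
 }
- /* aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8 */
- /* iv off---^ block off--^ */
- snprintf(params, 512, "%s %s %"PRIu64 " %s %"PRIu64,
- /* XXX: broken */
- info->cipher_chain->cipher->dm_crypt_str, info->key,
- info->skip, info->dev, info->offset);
+ strcpy(dev, info->dev);
+ skip = info->skip;
+ start = info->start;
+ offset = info->offset;
+
+ /* Get to the end of the chain */
+ for (cipher_chain = info->cipher_chain; cipher_chain->next != NULL;
+ cipher_chain = cipher_chain->next)
+ ;
+
+ for (j= 0; cipher_chain != NULL;
+ cipher_chain = cipher_chain->prev, j++) {
+ /* aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8 */
+ /* iv off---^ block off--^ */
+ snprintf(params, 512, "%s %s %"PRIu64 " %s %"PRIu64,
+ cipher_chain->cipher->dm_crypt_str, cipher_chain->dm_key,
+ skip, dev, offset);
 #ifdef DEBUG
- printf("Params: %s\n", params);
+ printf("Params: %s\n", params);
 #endif
- if ((dmt = dm_task_create(DM_DEVICE_CREATE)) == NULL) {
- fprintf(stderr, "dm_task_create failed\n");
- ret = -1;
- goto out;
- }
- if ((dm_task_set_name(dmt, mapname)) == 0) {
- fprintf(stderr, "dm_task_set_name failed\n");
- ret = -1;
- goto out;
- }
+ if ((dmt = dm_task_create(DM_DEVICE_CREATE)) == NULL) {
+ fprintf(stderr, "dm_task_create failed\n");
+ ret = -1;
+ goto out;
+ }
- uuid_create(&info->uuid, &status);
- if (status != uuid_s_ok) {
- fprintf(stderr, "uuid_create failed\n");
- ret = -1;
- goto out;
- }
+ /*
+ * If this is the last element in the cipher chain, use the
+ * final map name. Otherwise pick a secondary name...
+ */
+ if (cipher_chain->prev == NULL)
+ strcpy(map, mapname);
+ else
+ sprintf(map, "%s.%d", mapname, j);
+
+ if ((dm_task_set_name(dmt, map)) == 0) {
+ fprintf(stderr, "dm_task_set_name failed\n");
+ ret = -1;
+ goto out;
+ }
- uuid_to_string(&info->uuid, &uu, &status);
- if (uu == NULL) {
- fprintf(stderr, "uuid_to_string failed\n");
- ret = -1;
- goto out;
- }
+ uuid_create(&info->uuid, &status);
+ if (status != uuid_s_ok) {
+ fprintf(stderr, "uuid_create failed\n");
+ ret = -1;
+ goto out;
+ }
- if ((dm_task_set_uuid(dmt, uu)) == 0) {
+ uuid_to_string(&info->uuid, &uu, &status);
+ if (uu == NULL) {
+ fprintf(stderr, "uuid_to_string failed\n");
+ ret = -1;
+ goto out;
+ }
+
+ if ((dm_task_set_uuid(dmt, uu)) == 0) {
+ free(uu);
+ fprintf(stderr, "dm_task_set_uuid failed\n");
+ ret = -1;
+ goto out;
+ }
 free(uu);
- fprintf(stderr, "dm_task_set_uuid failed\n");
- ret = -1;
- goto out;
- }
- free(uu);
- if ((dm_task_add_target(dmt, info->start, info->size, "crypt", params)) == 0) {
- fprintf(stderr, "dm_task_add_target failed\n");
- ret = -1;
- goto out;
- }
+ if ((dm_task_add_target(dmt, start, info->size, "crypt", params)) == 0) {
+ fprintf(stderr, "dm_task_add_target failed\n");
+ ret = -1;
+ goto out;
+ }
- if ((dm_task_run(dmt)) == 0) {
- fprintf(stderr, "dm_task_task_run failed\n");
- ret = -1;
- goto out;
- }
+ if ((dm_task_run(dmt)) == 0) {
+ fprintf(stderr, "dm_task_task_run failed\n");
+ ret = -1;
+ goto out;
+ }
+
+ if ((dm_task_get_info(dmt, &dmi)) == 0) {
+ fprintf(stderr, "dm_task_get info failed\n");
+ /* XXX: probably do more than just erroring out... */
+ ret = -1;
+ goto out;
+ }
+
+ skip = 0;
+ offset = 0;
+ start = 0;
+ sprintf(dev, "/dev/mapper/%s.%d", mapname, j);
- if ((dm_task_get_info(dmt, &dmi)) == 0) {
- fprintf(stderr, "dm_task_get info failed\n");
- /* XXX: probably do more than just erroring out... */
- ret = -1;
- goto out;
 }
 out: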
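Review bot: The new dm_setup loop copies caller-supplied names into fixed PATH_MAX stack buffers with no bound: `strcpy(dev, info->dev);` near the top of the hunk, and `sprintf(map, "%s.%d", mapname, j);` / `sprintf(dev, "/dev/mapper/%s.%d", mapname, j);` inside the loop, so an overlong device path or map name overruns `dev`/`map`. Replace them with `snprintf(dev, sizeof dev, "%s", info->dev);`, `snprintf(map, sizeof map, "%s.%d", mapname, j);` and `snprintf(dev, sizeof dev, "/dev/mapper/%s.%d", mapname, j);`, and treat a return value at or above the buffer size as a failure (`ret = -1; goto out;`), because a silently truncated map name would make the next chain element stack on the wrong device. Separately, `dmt = dm_task_create(DM_DEVICE_CREATE)` now executes once per chain element but no dm_task_destroy is visible inside the loop, so every iteration after the first appears to overwrite and leak the previous task unless the cleanup after `out:` accounts for it; dm_setup's body continues past the end of the hunk. The `#ifdef DEBUG` `printf("Params: %s\n", params)` prints the table line that now carries `cipher_chain->dm_key`, i.e. the hex-encoded volume key, so that line should not be reachable in a build where DEBUG is on by default.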
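--- a/tc-play.h
+++ b/tc-play.h
@@ -44,6 +44,9 @@
 #define TC_VOLFLAG_SYSTEM 0x01 /* system encryption */
 #define TC_VOLFLAG_INPLACE 0x02 /* non-system in-place-encrypted volume */
+#if 1
+#define DEBUG 1
+#endif
 #include <uuid.h>
@@ -62,6 +65,7 @@ struct tc_crypto_algo {
 struct tc_cipher_chain {
 struct tc_crypto_algo *cipher;
 unsigned char *key;
+ char dm_key[MAX_KEYSZ*2 + 1];
 struct tc_cipher_chain *prev;
 struct tc_cipher_chain *next;
@@ -101,7 +105,7 @@ struct tcplay_info {
 struct tchdr_dec *hdr;
 struct tc_cipher_chain *cipher_chain;
 struct pbkdf_prf_algo *pbkdf_prf;
- char key[MAX_KEYSZ*2];
+ char key[MAX_KEYSZ*2 + 1];
 off_t start; /* Logical volume offset in table */
 size_t size; /* Volume size */
@@ -120,6 +124,8 @@ int write_mem(const char *dev, off_t offset, size_t blksz, void *mem, size_t byt
 int read_passphrase(char *prompt, char *pass, size_t passlen);
 int tc_crypto_init(void);
+int tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain,
+ unsigned char *key);
 int tc_encrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
 unsigned char *iv,
 unsigned char *in, int in_len, unsigned char *out);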
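Review bot: `#if 1` / `#define DEBUG 1` in the first hunk switches DEBUG on unconditionally for every translation unit that includes tc-play.h, and in this same commit dm_setup's `#ifdef DEBUG` block prints the dm-crypt table line — which now contains the hex-encoded volume key from `dm_key` — to stdout. Remove the block, or guard it as `#ifndef DEBUG` so it is only enabled by an explicit `-DDEBUG` build flag, so that a release build never emits key material; masking the key field in the debug print would be safer still. The new `char dm_key[MAX_KEYSZ*2 + 1]` member places a second copy of the key inline in `struct tc_cipher_chain`; whether that struct is allocated through alloc_safe_mem the way tcplay_info is cannot be seen here, so confirm it is, otherwise the hex key sits in ordinary heap memory that is never wiped. A comment on the member would make the requirement explicit, e.g. `/* hex-encoded key for the dm-crypt table; chain must live in safe (locked, wiped) memory */`.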