Permalink
Browse files

reimplement support for encrypted savefiles

using losetup-222 (static)
  • Loading branch information...
1 parent 332766a commit 44e15f2fc9cf0374f35b5c0cecf0470b4cf7a0c3 @wdlkmpx wdlkmpx committed Dec 30, 2016
View
@@ -44,17 +44,6 @@ In this release there have been many important changes.
* Here you can find the initrd skeleton, init script and pkgs.
* With this you can compile static apps for the initrd
and create initrd.gz automatically.
- * Dropped support for encrypted savefiles (using the old method)
- The encrypted savefiles use:
- 1) ext2 filesystem
- 2) unsupported losetup 2.22-
- 3) encrpyption methods known to be easily cracked
- - Tthere was a discussion about using cryptsetup or ecryptfs
- but cryptsetup is a bit unreliable for use with savefiles
- and ecryptfs does not work within aufs stack
- - So this the end for encrypted savefiles.. at least in WoofCE
- - However it could be possible to encrypt the home directory
- or something with ecryptfs.. this is a possibility
* Used by 3builddistro
* See README file for more details
- kernel-kit
@@ -51,6 +51,10 @@ L_ERROR_FAILED_AUFS_STACK='Failed to create empty aufs stack'
L_ADDING_MODULE="Adding module %s" #printf
L_NO_DISTRO_SPECS="No DISTRO_SPECS file found, assuming that personal storage is empty."
L_DEBUG_SAVE="To save debug info to a partition, type 'debugsave'"
+L_PASSWORD="Password:"
+L_PASSWORD_MSG_1="NOTICE: As you type your password nothing will be displayed on the screen."
+L_PASSWORD_MSG_2="This is a security measure. Just type it in then press ENTER key..."
+
##############################################################
/sbin/usablefs # mount: /proc /sys /dev / (proc sysfs devtmpfs rootfs)
@@ -63,6 +67,13 @@ KERNELVER="$(uname -r)"
VFAT_OUT_PARAM='shortname=mixed,quiet,utf8' #see also /sbin/set_plang
. /DISTRO_SPECS #v412 has DISTRO_VERSION, DISTRO_FILE_PREFIX
+#precaution - if using a DISTRO_SPECS not processed by 3builddistro...
+[ ! "$DISTRO_ZDRVSFS" ] && DISTRO_ZDRVSFS="zdrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_FDRVSFS" ] && DISTRO_FDRVSFS="fdrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_ADRVSFS" ] && DISTRO_ADRVSFS="adrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_YDRVSFS" ] && DISTRO_YDRVSFS="adrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_PUPPYSFS" ] && DISTRO_PUPPYSFS="puppy_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+
# filenames specified in DISTRO_SPECS: DISTRO_ZDRVSFS, DISTRO_PUPPYSFS...
Z_DEF_FN="$DISTRO_ZDRVSFS"
F_DEF_FN="$DISTRO_FDRVSFS"
@@ -423,11 +434,28 @@ format_bytes() {
load_ext_file() {
SAVE_SZ_FN=""
RESIZE_FN="$(dirname $SAVE_FN)/pupsaveresizenew.txt"
-#delete following line when resize file location is fixed
+ #delete following line when resize file location is fixed
[ -f "$RESIZE_FN" ] || RESIZE_FN="${SAVE_MP}/pupsaveresizenew.txt"
[ -f "$RESIZE_FN" ] && resize_ext_file
ONE_LOOP="$(losetup -f)"
- losetup $ONE_LOOP $SAVE_FN
+ #-- is the ${DISTRO_FILE_PREFIX}save encrypted?...
+ if echo "$SAVE_FN" | grep -q '_crypt' ;then
+ #mount encrypted savefile
+ case $SAVE_FN in
+ *cryptx*) CRYPTO='-e 1' ;;
+ *) CRYPTO='-e aes' ;;
+ esac
+ echo >/dev/console
+ echo "${L_PASSWORD_MSG_1}" >/dev/console
+ echo "${L_PASSWORD_MSG_2}" >/dev/console
+ echo -e "\\033[1;36m" >/dev/console #aqua-blue
+ echo -n "${L_PASSWORD} " >/dev/console
+ echo -en "\\033[0;39m" >/dev/console
+ read -s MYPASS
+ echo "$MYPASS" | losetup-222 -p 0 $CRYPTO $ONE_LOOP $SAVE_FN
+ else
+ losetup $ONE_LOOP $SAVE_FN
+ fi
SFFS='ext'$(echo -n "$SAVE_FN" | rev | cut -c 3)
[ "$PFSCK" = "yes" ] && { echo "" > /dev/console; fsck_func "$ONE_LOOP" "$SFFS"; }
[ "$SAVE_SZ_FN" ] && resize_ext_fs "$ONE_LOOP" "$SFFS"
@@ -52,6 +52,7 @@ nano_static
ntfs-3g_static
#sed_static
#util-linux_static
+util-linux-222_static
'
# to build specific pkgs:
@@ -74,6 +75,7 @@ e2fsck
grep
#kmod
#losetup
+losetup-222
nano
ntfs-3g
#ntfsfix
@@ -13,7 +13,7 @@ DEFAULT_x86=i686
DEFAULT_ARM=armv6l
#DEFAULT_ARM64=aarch64
-PREBUILT_BINARIES="http://01micko.com/wdlkmpx/woof-CE/initrd_progs-20161109-static.tar.xz"
+PREBUILT_BINARIES="http://01micko.com/wdlkmpx/woof-CE/initrd_progs-20161230-static.tar.xz"
ARCH=`uname -m`
OS_ARCH=$ARCH
@@ -280,6 +280,7 @@ function check_bin() {
e2fsprogs_static) static_bins='e2fsck resize2fs' ;;
findutils_static) static_bins='find' ;;
util-linux_static) static_bins='losetup' ;;
+ util-linux-222_static) static_bins='losetup-222' ;;
*) static_bins=${init_pkg%_*} ;;
esac
for sbin in ${static_bins} ; do
@@ -0,0 +1,54 @@
+diff -Naur util-linux-2.22.2/config/config.sub util-linux-2.22.2-patched/config/config.sub
+--- util-linux-2.22.2/config/config.sub 2012-09-18 02:53:51.000000000 +0000
++++ util-linux-2.22.2-patched/config/config.sub 2016-07-23 20:52:45.685261722 +0000
+@@ -253,7 +253,7 @@
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
++ | arc | arm | arm[bl]e | arme[lb] | armv[2345678] | armv[345678][lb] | avr | avr32 \
+ | be32 | be64 \
+ | bfin \
+ | c4x | clipper \
+diff -Naur util-linux-2.22.2/lib/tt.c util-linux-2.22.2-patched/lib/tt.c
+--- util-linux-2.22.2/lib/tt.c 2012-12-12 20:04:47.902355093 +0000
++++ util-linux-2.22.2-patched/lib/tt.c 2016-07-23 20:51:58.358596857 +0000
+@@ -22,7 +22,7 @@
+ #include "widechar.h"
+ #include "tt.h"
+ #include "mbsalign.h"
+-#include "ttyutils.h"
++//#include "ttyutils.h"
+
+ struct tt_symbols {
+ const char *branch;
+diff -Naur util-linux-2.22.2/term-utils/setterm.c util-linux-2.22.2-patched/term-utils/setterm.c
+--- util-linux-2.22.2/term-utils/setterm.c 2012-11-30 08:01:42.950919423 +0000
++++ util-linux-2.22.2-patched/term-utils/setterm.c 2016-07-23 20:51:58.358596857 +0000
+@@ -123,15 +123,6 @@
+ #include "nls.h"
+ #include "closestream.h"
+
+-#if __GNU_LIBRARY__ < 5
+-#ifndef __alpha__
+-# include <linux/unistd.h>
+-#define __NR_klogctl __NR_syslog
+-_syscall3(int, klogctl, int, type, char*, buf, int, len);
+-#else /* __alpha__ */
+-#define klogctl syslog
+-#endif
+-#endif
+ extern int klogctl(int type, char *buf, int len);
+
+ /* Constants. */
+diff -Naur util-linux-2.22.2/term-utils/ttymsg.c util-linux-2.22.2-patched/term-utils/ttymsg.c
+--- util-linux-2.22.2/term-utils/ttymsg.c 2012-11-29 15:15:00.347642630 +0000
++++ util-linux-2.22.2-patched/term-utils/ttymsg.c 2016-07-23 20:51:58.358596857 +0000
+@@ -42,6 +42,7 @@
+
+ #include <sys/types.h>
+ #include <sys/uio.h>
++#include <sys/param.h>
+ #include <signal.h>
+ #include <fcntl.h>
+ #include <dirent.h>
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+. ../../func
+
+URL=https://www.kernel.org/pub/linux/utils/util-linux/v2.22
+SRC=util-linux
+PKG=util-linux-222_static
+VER=2.22.2
+COMP=tar.xz
+DESC=""
+DEPS=
+CAT=BuildingBlock
+CWD=`pwd`
+
+build() {
+ cd ${SRC}-${VER}
+ patch -p1 < ../util-linux-222.patch
+ opts="--prefix=/usr --enable-static-programs=losetup
+--disable-shared --disable-nls --without-ncurses --disable-libuuid --disable-libblkid
+--disable-libmount --disable-mount --disable-fsck --disable-partx
+--disable-uuidd --disable-mountpoint --disable-fallocate
+--disable-eject --disable-agetty
+--disable-cramfs --disable-switch_root --disable-pivot_root
+--disable-kill --disable-utmpdump --disable-raw --disable-rename
+--disable-chsh-only-listed --disable-login --disable-sulogin --disable-su
+--disable-schedutils --disable-wall
+--disable-pg-bell --disable-use-tty-group --disable-makeinstall-chown
+--disable-makeinstall-setuid --without-selinux "
+ _configure
+ sed -i 's|^LDFLAGS =.*|LDFLAGS = -all-static|' Makefile
+ _make ${MKFLG} losetup
+ abort_if_file_not_found losetup
+ install -d -m 0755 $CWD/${PKG}-${VER}-${ARCH}/bin
+ mv losetup losetup-222
+ _install losetup-222 $CWD/${PKG}-${VER}-${ARCH}/bin
+ cd -
+}
+
+package() {
+ # add this recipe
+ install -d -m 0755 ./${PKG}-${VER}-${ARCH}/build
+ cat ${PKG}.petbuild > ./${PKG}-${VER}-${ARCH}/build/$PKG-build-recipe
+ # move, don't package
+ cp -a --remove-destination ./${PKG}-${VER}-${ARCH}/* ../../00_${ARCH}
+ rm -r ${SRC}-${VER}
+ rm -r ${PKG}-${VER}-${ARCH}
+ echo "moved to initrd"
+ echo "done!"
+}
+
+# main
+retrieve ${SRC}-${VER}.${COMP}
+[ "$DLD_ONLY" = "yes" ] && exit
+extract ${SRC}-${VER}.${COMP}
+build
+package
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -253,9 +253,9 @@ case $PUPMODE in
mount -t $FILEFS -o noatime,rw,loop $SMNTPT$SAVEFILE /tmp/save1stpup
else
#note: loop2 is kept available for scripts to use. but, do this to find free one...
- DEVLOOP="`losetup-FULL -f`"
+ DEVLOOP="`losetup-222 -f`"
#'-p 0' means read password from stdin...
- echo "$MYPASSWORD" | losetup-FULL -p 0 $CRYPTO $DEVLOOP ${SMNTPT}$SAVEFILE >/dev/console
+ echo "$MYPASSWORD" | losetup-222 -p 0 $CRYPTO $DEVLOOP ${SMNTPT}$SAVEFILE >/dev/console
[ ! $? -eq 0 ] && exit 1
mount -t $FILEFS -o noatime,rw $DEVLOOP /tmp/save1stpup
fi
@@ -83,7 +83,7 @@ if [ "$MNTEDLOOP" = "" ];then #not mounted on $MntPt
*_cryptx*) #light encryption.
CRYPTO='light'
modprobe cryptoloop
- rxvt -geometry 25x3 -title "$(gettext 'Enter password')" -bg orange -e losetup-2.21 -E 1 $DEVLOOP $imgFile
+ rxvt -geometry 25x3 -title "$(gettext 'Enter password')" -bg orange -e losetup-222 -E 1 $DEVLOOP $imgFile
Err=$?
;;
*_crypt*) #heavy encryption.
@@ -97,7 +97,7 @@ if [ "$MNTEDLOOP" = "" ];then #not mounted on $MntPt
MYPASS="`pupdialog --title "$(gettext 'Password required')" --stdout --inputbox "$(gettext 'Password required to open') ${imgFileBASE}:" 0 0`"
Err=$?
if [ $Err -eq 0 ];then
- echo "$MYPASS" | losetup-2.21 -p 0 -e aes $DEVLOOP $imgFile
+ echo "$MYPASS" | losetup-222 -p 0 -e aes $DEVLOOP $imgFile
Err=$?
fi
;;
@@ -129,7 +129,7 @@ if [ "$MNTEDLOOP" = "" ];then #not mounted on $MntPt
/usr/lib/gtkdialog/box_splash -timeout 6 -bg green -text "`eval_gettext \"Click \\\$imgFileBASE icon again to unmount it\"`" &
defaultfilemanager -n "$MntPt" &
else
- [ "$CRYPTO" ] && losetup-2.21 -d $DEVLOOP
+ [ "$CRYPTO" ] && losetup-222 -d $DEVLOOP
rm -rf "$MntPt" #121203
fi
Oops, something went wrong.

3 comments on commit 44e15f2

@peabee
Contributor
peabee commented on 44e15f2 Dec 31, 2016 edited

Just did a test build with the new rationalise:
BUILD_FROM_WOOF='rationalise;44e15f2;2016-12-30 23:09:45 +0000'

Creation and use of both light and heavy savefiles seemed to go OK....

however.... trying to open the .2fs files:
.crypta-heavy - dialogue to enter password appeared but mounting failed
.cryptx-lite - yellow dialogue box flashed open and immediately closed - mounting failed
screenshot

@wdlkmpx
Contributor

i fixed that issue. add latest /usr/sbin/filemnt and /usr/lib/gtkdialog/box_passwd (new) to a adrv and test..

@peabee
Contributor
peabee commented on 44e15f2 Jan 1, 2017

Tested - AOK

Please sign in to comment.