Merge pull request #240 from vpodzime/master-tc_support

Add functions for opening/closing TrueCrypt/VeraCrypt volumes
storaged-project · Jun 27, 2017 · 5ec119d · 5ec119d
2 parents b1e0d7d + cc64002
commit 5ec119d
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 0 deletions.
diff --git a/docs/libblockdev-sections.txt b/docs/libblockdev-sections.txt
@@ -77,6 +77,8 @@ bd_crypto_luks_remove_key_blob
 bd_crypto_luks_change_key
 bd_crypto_luks_change_key_blob
 bd_crypto_luks_resize
+bd_crypto_tc_open
+bd_crypto_tc_close
 bd_crypto_escrow_device
 </SECTION>
 

diff --git a/src/lib/plugin_apis/crypto.api b/src/lib/plugin_apis/crypto.api
@@ -238,6 +238,28 @@ gboolean bd_crypto_luks_change_key_blob (const gchar *device, const guint8 *pass
  */
 gboolean bd_crypto_luks_resize (const gchar *luks_device, guint64 size, GError **error);
 
+/**
+ * bd_crypto_tc_open:
+ * @device: the device to open
+ * @name: name for the TrueCrypt/VeraCrypt device
+ * @pass_data: (array length=data_len): a passphrase for the TrueCrypt/VeraCrypt volume (may contain arbitrary binary data)
+ * @data_len: length of the @pass_data buffer
+ * @read_only: whether to open as read-only or not (meaning read-write)
+ * @error: (out): place to store error (if any)
+ *
+ * Returns: whether the @device was successfully opened or not
+ */
+gboolean bd_crypto_tc_open (const gchar *device, const gchar *name, const guint8* pass_data, gsize data_len, gboolean read_only, GError **error);
+
+/**
+ * bd_crypto_tc_close:
+ * @tc_device: TrueCrypt/VeraCrypt device to close
+ * @error: (out): place to store error (if any)
+ *
+ * Returns: whether the given @tc_device was successfully closed or not
+ */
+gboolean bd_crypto_tc_close (const gchar *tc_device, GError **error);
+
 /**
  * bd_crypto_escrow_device:
  * @device: path of the device to create escrow data for

diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c
@@ -865,6 +865,109 @@ gboolean bd_crypto_luks_resize (const gchar *luks_device, guint64 size, GError *
     return TRUE;
 }
 
+/**
+ * bd_crypto_tc_open:
+ * @device: the device to open
+ * @name: name for the TrueCrypt/VeraCrypt device
+ * @pass_data: (array length=data_len): a passphrase for the TrueCrypt/VeraCrypt volume (may contain arbitrary binary data)
+ * @data_len: length of the @pass_data buffer
+ * @read_only: whether to open as read-only or not (meaning read-write)
+ * @error: (out): place to store error (if any)
+ *
+ * Returns: whether the @device was successfully opened or not
+ */
+gboolean bd_crypto_tc_open (const gchar *device, const gchar *name, const guint8* pass_data, gsize data_len, gboolean read_only, GError **error) {
+    struct crypt_device *cd = NULL;
+    gint ret = 0;
+    guint64 progress_id = 0;
+    gchar *msg = NULL;
+    struct crypt_params_tcrypt params = {0};
+
+    msg = g_strdup_printf ("Started opening '%s' TrueCrypt/VeraCrypt device", device);
+    progress_id = bd_utils_report_started (msg);
+    g_free (msg);
+
+    if (data_len == 0) {
+        g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_NO_KEY,
+                     "No passphrase nor key file specified, cannot open.");
+        bd_utils_report_finished (progress_id, (*error)->message);
+        return FALSE;
+    }
+
+    ret = crypt_init (&cd, device);
+    if (ret != 0) {
+        g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE,
+                     "Failed to initialize device: %s", strerror_l(-ret, c_locale));
+        bd_utils_report_finished (progress_id, (*error)->message);
+        return FALSE;
+    }
+
+    params.passphrase = (const char*) pass_data;
+    params.passphrase_size = data_len;
+    ret = crypt_load (cd, CRYPT_TCRYPT, &params);
+    if (ret != 0) {
+        g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE,
+                     "Failed to load device's parameters: %s", strerror_l(-ret, c_locale));
+        crypt_free (cd);
+        bd_utils_report_finished (progress_id, (*error)->message);
+        return FALSE;
+    }
+
+    ret = crypt_activate_by_volume_key (cd, name, NULL, 0,
+                                        read_only ? CRYPT_ACTIVATE_READONLY : 0);
+
+    if (ret < 0) {
+        g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE,
+                     "Failed to activate device: %s", strerror_l(-ret, c_locale));
+        crypt_free (cd);
+        bd_utils_report_finished (progress_id, (*error)->message);
+        return FALSE;
+    }
+
+    crypt_free (cd);
+    bd_utils_report_finished (progress_id, "Completed");
+    return TRUE;
+}
+
+/**
+ * bd_crypto_tc_close:
+ * @tc_device: TrueCrypt/VeraCrypt device to close
+ * @error: (out): place to store error (if any)
+ *
+ * Returns: whether the given @tc_device was successfully closed or not
+ */
+gboolean bd_crypto_tc_close (const gchar *tc_device, GError **error) {
+    struct crypt_device *cd = NULL;
+    gint ret = 0;
+    guint64 progress_id = 0;
+    gchar *msg = NULL;
+
+    msg = g_strdup_printf ("Started closing TrueCrypt/VeraCrypt device '%s'", tc_device);
+    progress_id = bd_utils_report_started (msg);
+    g_free (msg);
+
+    ret = crypt_init_by_name (&cd, tc_device);
+    if (ret != 0) {
+        g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE,
+                     "Failed to initialize device: %s", strerror_l(-ret, c_locale));
+        bd_utils_report_finished (progress_id, (*error)->message);
+        return FALSE;
+    }
+
+    ret = crypt_deactivate (cd, tc_device);
+    if (ret != 0) {
+        g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE,
+                     "Failed to deactivate device: %s", strerror_l(-ret, c_locale));
+        crypt_free (cd);
+        bd_utils_report_finished (progress_id, (*error)->message);
+        return FALSE;
+    }
+
+    crypt_free (cd);
+    bd_utils_report_finished (progress_id, "Completed");
+    return TRUE;
+}
+
 static gchar *always_fail_cb (gpointer data __attribute__((unused)), const gchar *prompt __attribute__((unused)), int echo __attribute__((unused))) {
     return NULL;
 }

diff --git a/src/plugins/crypto.h b/src/plugins/crypto.h
@@ -61,6 +61,10 @@ gboolean bd_crypto_luks_remove_key_blob (const gchar *device, const guint8 *pass
 gboolean bd_crypto_luks_change_key (const gchar *device, const gchar *pass, const gchar *npass, GError **error);
 gboolean bd_crypto_luks_change_key_blob (const gchar *device, const guint8 *pass_data, gsize data_len, const guint8 *npass_data, gsize ndata_len, GError **error);
 gboolean bd_crypto_luks_resize (const gchar *device, guint64 size, GError **error);
+
+gboolean bd_crypto_tc_open (const gchar *device, const gchar *name, const guint8* pass_data, gsize data_len, gboolean read_only, GError **error);
+gboolean bd_crypto_tc_close (const gchar *tc_device, GError **error);
+
 gboolean bd_crypto_escrow_device (const gchar *device, const gchar *passphrase, const gchar *cert_data, const gchar *directory, const gchar *backup_passphrase, GError **error);
 
 #endif  /* BD_CRYPTO */