"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/loopaes/loopaes.c" between
cryptsetup-2.0.6.tar.xz and cryptsetup-2.1.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

loopaes.c  (cryptsetup-2.0.6.tar.xz):loopaes.c  (cryptsetup-2.1.0.tar.xz)
/* /*
* loop-AES compatible volume handling * loop-AES compatible volume handling
* *
* Copyright (C) 2011-2018, Red Hat, Inc. All rights reserved. * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
* Copyright (C) 2011-2018, Milan Broz * Copyright (C) 2011-2019 Milan Broz
* *
* This file is free software; you can redistribute it and/or * This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public * modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either * License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version. * version 2.1 of the License, or (at your option) any later version.
* *
* This file is distributed in the hope that it will be useful, * This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. * Lesser General Public License for more details.
skipping to change at line 140 skipping to change at line 140
struct volume_key **vk, struct volume_key **vk,
const char *hash, const char *hash,
unsigned int *keys_count, unsigned int *keys_count,
char *buffer, char *buffer,
size_t buffer_len) size_t buffer_len)
{ {
const char *keys[LOOPAES_KEYS_MAX]; const char *keys[LOOPAES_KEYS_MAX];
unsigned int key_lengths[LOOPAES_KEYS_MAX]; unsigned int key_lengths[LOOPAES_KEYS_MAX];
unsigned int i, key_index, key_len, offset; unsigned int i, key_index, key_len, offset;
log_dbg("Parsing loop-AES keyfile of size %zu.", buffer_len); log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len);
if (!buffer_len) if (!buffer_len)
return -EINVAL; return -EINVAL;
if (keyfile_is_gpg(buffer, buffer_len)) { if (keyfile_is_gpg(buffer, buffer_len)) {
log_err(cd, _("Detected not yet supported GPG encrypted keyfile.\ n")); log_err(cd, _("Detected not yet supported GPG encrypted keyfile." ));
log_std(cd, _("Please use gpg --decrypt <KEYFILE> | cryptsetup -- keyfile=- ...\n")); log_std(cd, _("Please use gpg --decrypt <KEYFILE> | cryptsetup -- keyfile=- ...\n"));
return -EINVAL; return -EINVAL;
} }
/* Remove EOL in buffer */ /* Remove EOL in buffer */
for (i = 0; i < buffer_len; i++) for (i = 0; i < buffer_len; i++)
if (buffer[i] == '\n' || buffer[i] == '\r') if (buffer[i] == '\n' || buffer[i] == '\r')
buffer[i] = '\0'; buffer[i] = '\0';
offset = 0; offset = 0;
key_index = 0; key_index = 0;
key_lengths[0] = 0; key_lengths[0] = 0;
while (offset < buffer_len && key_index < LOOPAES_KEYS_MAX) { while (offset < buffer_len && key_index < LOOPAES_KEYS_MAX) {
keys[key_index] = &buffer[offset]; keys[key_index] = &buffer[offset];
key_lengths[key_index] = 0;; key_lengths[key_index] = 0;;
while (offset < buffer_len && buffer[offset]) { while (offset < buffer_len && buffer[offset]) {
offset++; offset++;
key_lengths[key_index]++; key_lengths[key_index]++;
} }
if (offset == buffer_len) { if (offset == buffer_len) {
log_dbg("Unterminated key #%d in keyfile.", key_index); log_dbg(cd, "Unterminated key #%d in keyfile.", key_index );
log_err(cd, _("Incompatible loop-AES keyfile detected.")) ; log_err(cd, _("Incompatible loop-AES keyfile detected.")) ;
return -EINVAL; return -EINVAL;
} }
while (offset < buffer_len && !buffer[offset]) while (offset < buffer_len && !buffer[offset])
offset++; offset++;
key_index++; key_index++;
} }
/* All keys must be the same length */ /* All keys must be the same length */
key_len = key_lengths[0]; key_len = key_lengths[0];
for (i = 0; i < key_index; i++) for (i = 0; i < key_index; i++)
if (!key_lengths[i] || (key_lengths[i] != key_len)) { if (!key_lengths[i] || (key_lengths[i] != key_len)) {
log_dbg("Unexpected length %d of key #%d (should be %d)." , log_dbg(cd, "Unexpected length %d of key #%d (should be % d).",
key_lengths[i], i, key_len); key_lengths[i], i, key_len);
key_len = 0; key_len = 0;
break; break;
} }
if (offset != buffer_len || key_len == 0 || if (offset != buffer_len || key_len == 0 ||
(key_index != 1 && key_index !=64 && key_index != 65)) { (key_index != 1 && key_index !=64 && key_index != 65)) {
log_err(cd, _("Incompatible loop-AES keyfile detected.")); log_err(cd, _("Incompatible loop-AES keyfile detected."));
return -EINVAL; return -EINVAL;
} }
log_dbg("Keyfile: %d keys of length %d.", key_index, key_len); log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len);
*keys_count = key_index; *keys_count = key_index;
return hash_keys(cd, vk, hash, keys, key_index, return hash_keys(cd, vk, hash, keys, key_index,
crypt_get_volume_key_size(cd), key_len); crypt_get_volume_key_size(cd), key_len);
} }
int LOOPAES_activate(struct crypt_device *cd, int LOOPAES_activate(struct crypt_device *cd,
const char *name, const char *name,
const char *base_cipher, const char *base_cipher,
unsigned int keys_count, unsigned int keys_count,
struct volume_key *vk, struct volume_key *vk,
uint32_t flags) uint32_t flags)
{ {
char *cipher = NULL;
uint32_t req_flags, dmc_flags;
int r; int r;
uint32_t req_flags, dmc_flags;
char *cipher = NULL;
struct crypt_dm_active_device dmd = { struct crypt_dm_active_device dmd = {
.target = DM_CRYPT, .flags = flags,
.size = 0,
.flags = flags,
.data_device = crypt_data_device(cd),
.u.crypt = {
.cipher = NULL,
.vk = vk,
.offset = crypt_get_data_offset(cd),
.iv_offset = crypt_get_iv_offset(cd),
.sector_size = crypt_get_sector_size(cd),
}
}; };
r = device_block_adjust(cd, dmd.data_device, DEV_EXCL, r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
dmd.u.crypt.offset, &dmd.size, &dmd.flags); crypt_get_data_offset(cd), &dmd.size, &dmd.flags)
;
if (r) if (r)
return r; return r;
if (keys_count == 1) { if (keys_count == 1) {
req_flags = DM_PLAIN64_SUPPORTED; req_flags = DM_PLAIN64_SUPPORTED;
r = asprintf(&cipher, "%s-%s", base_cipher, "cbc-plain64"); r = asprintf(&cipher, "%s-%s", base_cipher, "cbc-plain64");
} else { } else {
req_flags = DM_LMK_SUPPORTED; req_flags = DM_LMK_SUPPORTED;
r = asprintf(&cipher, "%s:%d-%s", base_cipher, 64, "cbc-lmk"); r = asprintf(&cipher, "%s:%d-%s", base_cipher, 64, "cbc-lmk");
} }
if (r < 0) if (r < 0)
return -ENOMEM; return -ENOMEM;
dmd.u.crypt.cipher = cipher; r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
log_dbg("Trying to activate loop-AES device %s using cipher %s.", vk, cipher, crypt_get_iv_offset(cd),
name, dmd.u.crypt.cipher); crypt_get_data_offset(cd), crypt_get_integrity(cd),
crypt_get_integrity_tag_size(cd), crypt_get_sector_size(c
d));
r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0); if (r) {
free(cipher);
return r;
}
log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.",
name, cipher);
if (r < 0 && !dm_flags(DM_CRYPT, &dmc_flags) && r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd);
if (r < 0 && !dm_flags(cd, DM_CRYPT, &dmc_flags) &&
(dmc_flags & req_flags) != req_flags) { (dmc_flags & req_flags) != req_flags) {
log_err(cd, _("Kernel doesn't support loop-AES compatible mapping .")); log_err(cd, _("Kernel doesn't support loop-AES compatible mapping ."));
r = -ENOTSUP; r = -ENOTSUP;
} }
dm_targets_free(cd, &dmd);
free(cipher); free(cipher);
return r; return r;
} }
 End of changes. 15 change blocks. 
27 lines changed or deleted 30 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)