"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/bitlk/bitlk.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

bitlk.c  (cryptsetup-2.3.6.tar.xz):bitlk.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 1103 skipping to change at line 1103
} }
*vk = crypt_alloc_volume_key(key_size - BITLK_OPEN_KEY_METADATA_LEN, *vk = crypt_alloc_volume_key(key_size - BITLK_OPEN_KEY_METADATA_LEN,
(const char *)(outbuf + BITLK_OPEN_KEY_ME TADATA_LEN)); (const char *)(outbuf + BITLK_OPEN_KEY_ME TADATA_LEN));
r = *vk ? 0 : -ENOMEM; r = *vk ? 0 : -ENOMEM;
out: out:
crypt_safe_free(outbuf); crypt_safe_free(outbuf);
return r; return r;
} }
int BITLK_activate(struct crypt_device *cd, int BITLK_get_volume_key(struct crypt_device *cd,
const char *name, const char *password,
const char *password, size_t passwordLen,
size_t passwordLen, const struct bitlk_metadata *params,
const struct bitlk_metadata *params, struct volume_key **open_fvek_key)
uint32_t flags)
{ {
int r = 0; int r = 0;
int i = 0;
int j = 0;
int min = 0;
int num_segments = 0;
struct crypt_dm_active_device dmd = {
.flags = flags,
};
struct dm_target *next_segment = NULL;
struct volume_key *open_vmk_key = NULL; struct volume_key *open_vmk_key = NULL;
struct volume_key *open_fvek_key = NULL;
struct volume_key *vmk_dec_key = NULL; struct volume_key *vmk_dec_key = NULL;
struct volume_key *recovery_key = NULL; struct volume_key *recovery_key = NULL;
const struct bitlk_vmk *next_vmk = NULL; const struct bitlk_vmk *next_vmk = NULL;
struct segment segments[MAX_BITLK_SEGMENTS] = {};
struct segment temp;
uint64_t next_start = 0;
uint64_t next_end = 0;
uint64_t last_segment = 0;
uint32_t dmt_flags;
if (!params->state) {
log_err(cd, _("This BITLK device is in an unsupported state and c
annot be activated."));
r = -ENOTSUP;
goto out;
}
if (params->type != BITLK_ENCRYPTION_TYPE_NORMAL) {
log_err(cd, _("BITLK devices with type '%s' cannot be activated."
), get_bitlk_type_string(params->type));
r = -ENOTSUP;
goto out;
}
next_vmk = params->vmks; next_vmk = params->vmks;
while (next_vmk) { while (next_vmk) {
if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) { if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) {
r = bitlk_kdf(cd, password, passwordLen, false, next_vmk- >salt, &vmk_dec_key); r = bitlk_kdf(cd, password, passwordLen, false, next_vmk- >salt, &vmk_dec_key);
if (r) { if (r) {
/* something wrong happened, but we still want to check other key slots */ /* something wrong happened, but we still want to check other key slots */
next_vmk = next_vmk->next; next_vmk = next_vmk->next;
continue; continue;
} }
skipping to change at line 1202 skipping to change at line 1174
if (r < 0) { if (r < 0) {
log_dbg(cd, "Failed to decrypt VMK using provided passphr ase."); log_dbg(cd, "Failed to decrypt VMK using provided passphr ase.");
crypt_free_volume_key(vmk_dec_key); crypt_free_volume_key(vmk_dec_key);
if (r == -ENOTSUP) if (r == -ENOTSUP)
return r; return r;
next_vmk = next_vmk->next; next_vmk = next_vmk->next;
continue; continue;
} }
crypt_free_volume_key(vmk_dec_key); crypt_free_volume_key(vmk_dec_key);
r = decrypt_key(cd, &open_fvek_key, params->fvek->vk, open_vmk_ke y, r = decrypt_key(cd, open_fvek_key, params->fvek->vk, open_vmk_key ,
params->fvek->mac_tag, BITLK_VMK_MAC_TAG_SIZE, params->fvek->mac_tag, BITLK_VMK_MAC_TAG_SIZE,
params->fvek->nonce, BITLK_NONCE_SIZE, true); params->fvek->nonce, BITLK_NONCE_SIZE, true);
if (r < 0) { if (r < 0) {
log_dbg(cd, "Failed to decrypt FVEK using VMK."); log_dbg(cd, "Failed to decrypt FVEK using VMK.");
crypt_free_volume_key(open_vmk_key); crypt_free_volume_key(open_vmk_key);
if (r == -ENOTSUP) if (r == -ENOTSUP)
return r; return r;
} else { } else {
crypt_free_volume_key(open_vmk_key); crypt_free_volume_key(open_vmk_key);
break; break;
} }
next_vmk = next_vmk->next; next_vmk = next_vmk->next;
} }
if (r) { if (r) {
log_dbg(cd, "No more VMKs to try."); log_dbg(cd, "No more VMKs to try.");
return r; return r;
} }
/* Password verify only */ return 0;
if (!name) { }
crypt_free_volume_key(open_fvek_key);
return r; static int _activate_check(struct crypt_device *cd,
const struct bitlk_metadata *params)
{
const struct bitlk_vmk *next_vmk = NULL;
if (!params->state) {
log_err(cd, _("This BITLK device is in an unsupported state and c
annot be activated."));
return -ENOTSUP;
}
if (params->type != BITLK_ENCRYPTION_TYPE_NORMAL) {
log_err(cd, _("BITLK devices with type '%s' cannot be activated."
), get_bitlk_type_string(params->type));
return -ENOTSUP;
} }
next_vmk = params->vmks; next_vmk = params->vmks;
while (next_vmk) { while (next_vmk) {
if (next_vmk->protection == BITLK_PROTECTION_CLEAR_KEY) { if (next_vmk->protection == BITLK_PROTECTION_CLEAR_KEY) {
crypt_free_volume_key(open_fvek_key);
log_err(cd, _("Activation of partially decrypted BITLK de vice is not supported.")); log_err(cd, _("Activation of partially decrypted BITLK de vice is not supported."));
return -ENOTSUP; return -ENOTSUP;
} }
next_vmk = next_vmk->next; next_vmk = next_vmk->next;
} }
return 0;
}
static int _activate(struct crypt_device *cd,
const char *name,
struct volume_key *open_fvek_key,
const struct bitlk_metadata *params,
uint32_t flags)
{
int r = 0;
int i = 0;
int j = 0;
int min = 0;
int num_segments = 0;
struct crypt_dm_active_device dmd = {
.flags = flags,
};
struct dm_target *next_segment = NULL;
struct segment segments[MAX_BITLK_SEGMENTS] = {};
struct segment temp;
uint64_t next_start = 0;
uint64_t next_end = 0;
uint64_t last_segment = 0;
uint32_t dmt_flags;
r = _activate_check(cd, params);
if (r)
return r;
r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
0, &dmd.size, &dmd.flags); 0, &dmd.size, &dmd.flags);
if (r) { if (r)
crypt_free_volume_key(open_fvek_key);
return r; return r;
}
/* there will be always 4 dm-zero segments: 3x metadata, 1x FS header */ /* there will be always 4 dm-zero segments: 3x metadata, 1x FS header */
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
segments[num_segments].offset = params->metadata_offset[i] / SECT OR_SIZE; segments[num_segments].offset = params->metadata_offset[i] / SECT OR_SIZE;
segments[num_segments].length = BITLK_FVE_METADATA_SIZE / SECTOR_ SIZE; segments[num_segments].length = BITLK_FVE_METADATA_SIZE / SECTOR_ SIZE;
segments[num_segments].iv_offset = 0; segments[num_segments].iv_offset = 0;
segments[num_segments].type = BITLK_SEGTYPE_ZERO; segments[num_segments].type = BITLK_SEGTYPE_ZERO;
num_segments++; num_segments++;
} }
segments[num_segments].offset = params->volume_header_offset / SECTOR_SIZ E; segments[num_segments].offset = params->volume_header_offset / SECTOR_SIZ E;
skipping to change at line 1379 skipping to change at line 1389
log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK IV.")); log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK IV."));
r = -ENOTSUP; r = -ENOTSUP;
} }
if (!strcmp(params->cipher_mode, "cbc-elephant") && !(dmt_flags & DM_BITLK_ELEPHANT_SUPPORTED)) { if (!strcmp(params->cipher_mode, "cbc-elephant") && !(dmt_flags & DM_BITLK_ELEPHANT_SUPPORTED)) {
log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser.")); log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."));
r = -ENOTSUP; r = -ENOTSUP;
} }
} }
out: out:
dm_targets_free(cd, &dmd); dm_targets_free(cd, &dmd);
return r;
}
int BITLK_activate_by_passphrase(struct crypt_device *cd,
const char *name,
const char *password,
size_t passwordLen,
const struct bitlk_metadata *params,
uint32_t flags)
{
int r = 0;
struct volume_key *open_fvek_key = NULL;
r = _activate_check(cd, params);
if (r)
return r;
r = BITLK_get_volume_key(cd, password, passwordLen, params, &open_fvek_ke
y);
if (r < 0)
goto out;
/* Password verify only */
if (!name)
goto out;
r = _activate(cd, name, open_fvek_key, params, flags);
out:
crypt_free_volume_key(open_fvek_key);
return r;
}
int BITLK_activate_by_volume_key(struct crypt_device *cd,
const char *name,
const char *volume_key,
size_t volume_key_size,
const struct bitlk_metadata *params,
uint32_t flags)
{
int r = 0;
struct volume_key *open_fvek_key = NULL;
r = _activate_check(cd, params);
if (r)
return r;
open_fvek_key = crypt_alloc_volume_key(volume_key_size, volume_key);
if (!open_fvek_key)
return -ENOMEM;
r = _activate(cd, name, open_fvek_key, params, flags);
crypt_free_volume_key(open_fvek_key); crypt_free_volume_key(open_fvek_key);
return r; return r;
} }
 End of changes. 11 change blocks. 
44 lines changed or deleted 106 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)