"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/tcrypt/tcrypt.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

tcrypt.c  (cryptsetup-2.3.6.tar.xz):tcrypt.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 277 skipping to change at line 277
uint32_t *l = (uint32_t*)&buf[0]; uint32_t *l = (uint32_t*)&buf[0];
uint32_t *r = (uint32_t*)&buf[4]; uint32_t *r = (uint32_t*)&buf[4];
*l = swab32(*l); *l = swab32(*l);
*r = swab32(*r); *r = swab32(*r);
} }
static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg, static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg,
const char *key, char *buf) const char *key, char *buf)
{ {
int bs = alg->iv_size; int bs = alg->iv_size;
char iv[bs], iv_old[bs]; char iv[8], iv_old[8];
struct crypt_cipher *cipher = NULL; struct crypt_cipher *cipher = NULL;
int i, j, r; int i, j, r;
assert(bs == 2*sizeof(uint32_t)); assert(bs == 8);
r = crypt_cipher_init(&cipher, "blowfish", "ecb", r = crypt_cipher_init(&cipher, "blowfish", "ecb",
&key[alg->key_offset], alg->key_size); &key[alg->key_offset], alg->key_size);
if (r < 0) if (r < 0)
return r; return r;
memcpy(iv, &key[alg->iv_offset], alg->iv_size); memcpy(iv, &key[alg->iv_offset], alg->iv_size);
for (i = 0; i < TCRYPT_HDR_LEN; i += bs) { for (i = 0; i < TCRYPT_HDR_LEN; i += bs) {
memcpy(iv_old, &buf[i], bs); memcpy(iv_old, &buf[i], bs);
TCRYPT_swab_le(&buf[i]); TCRYPT_swab_le(&buf[i]);
skipping to change at line 383 skipping to change at line 383
return r; return r;
} }
/* /*
* For chained ciphers and CBC mode we need "outer" decryption. * For chained ciphers and CBC mode we need "outer" decryption.
* Backend doesn't provide this, so implement it here directly using ECB. * Backend doesn't provide this, so implement it here directly using ECB.
*/ */
static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers, static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers,
const char *key, struct tcrypt_phdr *hdr) const char *key, struct tcrypt_phdr *hdr)
{ {
struct crypt_cipher *cipher[ciphers->chain_count]; struct crypt_cipher *cipher[3];
unsigned int bs = ciphers->cipher[0].iv_size; unsigned int bs = ciphers->cipher[0].iv_size;
char *buf = (char*)&hdr->e, iv[bs], iv_old[bs]; char *buf = (char*)&hdr->e, iv[16], iv_old[16];
unsigned int i, j; unsigned int i, j;
int r = -EINVAL; int r = -EINVAL;
assert(ciphers->chain_count <= 3);
assert(bs <= 16);
TCRYPT_remove_whitening(buf, &key[8]); TCRYPT_remove_whitening(buf, &key[8]);
memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs); memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs);
/* Initialize all ciphers in chain in ECB mode */ /* Initialize all ciphers in chain in ECB mode */
for (j = 0; j < ciphers->chain_count; j++) for (j = 0; j < ciphers->chain_count; j++)
cipher[j] = NULL; cipher[j] = NULL;
for (j = 0; j < ciphers->chain_count; j++) { for (j = 0; j < ciphers->chain_count; j++) {
r = crypt_cipher_init(&cipher[j], ciphers->cipher[j].name, "ecb", r = crypt_cipher_init(&cipher[j], ciphers->cipher[j].name, "ecb",
&key[ciphers->cipher[j].key_offset], &key[ciphers->cipher[j].key_offset],
skipping to change at line 428 skipping to change at line 431
for (j = 0; j < ciphers->chain_count; j++) for (j = 0; j < ciphers->chain_count; j++)
if (cipher[j]) if (cipher[j])
crypt_cipher_destroy(cipher[j]); crypt_cipher_destroy(cipher[j]);
crypt_safe_memzero(iv, bs); crypt_safe_memzero(iv, bs);
crypt_safe_memzero(iv_old, bs); crypt_safe_memzero(iv_old, bs);
return r; return r;
} }
static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
const char *key, uint32_t flags) const char *key, struct crypt_params_tcrypt *param s)
{ {
struct tcrypt_phdr hdr2; struct tcrypt_phdr hdr2;
int i, j, r = -EINVAL; int i, j, r = -EINVAL;
for (i = 0; tcrypt_cipher[i].chain_count; i++) { for (i = 0; tcrypt_cipher[i].chain_count; i++) {
if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].lega if (params->cipher && !strstr(tcrypt_cipher[i].long_name, params-
cy) >cipher))
continue;
if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher
[i].legacy)
continue; continue;
log_dbg(cd, "TCRYPT: trying cipher %s-%s", log_dbg(cd, "TCRYPT: trying cipher %s-%s",
tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode); tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);
memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN); memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4)) if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4))
r = TCRYPT_decrypt_cbci(&tcrypt_cipher[i], key, &hdr2); r = TCRYPT_decrypt_cbci(&tcrypt_cipher[i], key, &hdr2);
else for (j = tcrypt_cipher[i].chain_count - 1; j >= 0 ; j--) { else for (j = tcrypt_cipher[i].chain_count - 1; j >= 0 ; j--) {
if (!tcrypt_cipher[i].cipher[j].name) if (!tcrypt_cipher[i].cipher[j].name)
skipping to change at line 466 skipping to change at line 471
r = -ENOENT; r = -ENOENT;
continue; continue;
} }
if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN )) { if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN )) {
log_dbg(cd, "TCRYPT: Signature magic detected."); log_dbg(cd, "TCRYPT: Signature magic detected.");
memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
r = i; r = i;
break; break;
} }
if ((flags & CRYPT_TCRYPT_VERA_MODES) && if ((params->flags & CRYPT_TCRYPT_VERA_MODES) &&
!strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LE N)) { !strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LE N)) {
log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt) ."); log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt) .");
memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
r = i; r = i;
break; break;
} }
r = -EPERM; r = -EPERM;
} }
crypt_safe_memzero(&hdr2, sizeof(hdr2)); crypt_safe_memzero(&hdr2, sizeof(hdr2));
skipping to change at line 571 skipping to change at line 576
r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i], keyfiles_po ol_length); r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i], keyfiles_po ol_length);
if (r < 0) if (r < 0)
goto out; goto out;
} }
/* If provided password, combine it with pool */ /* If provided password, combine it with pool */
for (i = 0; i < params->passphrase_size; i++) for (i = 0; i < params->passphrase_size; i++)
pwd[i] += params->passphrase[i]; pwd[i] += params->passphrase[i];
for (i = 0; tcrypt_kdf[i].name; i++) { for (i = 0; tcrypt_kdf[i].name; i++) {
if (params->hash_name && strcmp(params->hash_name, tcrypt_kdf[i].
hash))
continue;
if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_kdf[i] .legacy) if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_kdf[i] .legacy)
continue; continue;
if (!(params->flags & CRYPT_TCRYPT_VERA_MODES) && tcrypt_kdf[i].v eracrypt) if (!(params->flags & CRYPT_TCRYPT_VERA_MODES) && tcrypt_kdf[i].v eracrypt)
continue; continue;
if ((params->flags & CRYPT_TCRYPT_VERA_MODES) && params->veracryp t_pim) { if ((params->flags & CRYPT_TCRYPT_VERA_MODES) && params->veracryp t_pim) {
/* Do not try TrueCrypt modes if we have PIM value */ /* Do not try TrueCrypt modes if we have PIM value */
if (!tcrypt_kdf[i].veracrypt) if (!tcrypt_kdf[i].veracrypt)
continue; continue;
/* adjust iterations to given PIM cmdline parameter */ /* adjust iterations to given PIM cmdline parameter */
iterations = tcrypt_kdf[i].veracrypt_pim_const + iterations = tcrypt_kdf[i].veracrypt_pim_const +
skipping to change at line 601 skipping to change at line 608
hdr->salt, TCRYPT_HDR_SALT_LEN, hdr->salt, TCRYPT_HDR_SALT_LEN,
key, TCRYPT_HDR_KEY_LEN, key, TCRYPT_HDR_KEY_LEN,
iterations, 0, 0); iterations, 0, 0);
if (r < 0) { if (r < 0) {
log_verbose(cd, _("PBKDF2 hash algorithm %s not available , skipping."), log_verbose(cd, _("PBKDF2 hash algorithm %s not available , skipping."),
tcrypt_kdf[i].hash); tcrypt_kdf[i].hash);
continue; continue;
} }
/* Decrypt header */ /* Decrypt header */
r = TCRYPT_decrypt_hdr(cd, hdr, key, params->flags); r = TCRYPT_decrypt_hdr(cd, hdr, key, params);
if (r == -ENOENT) { if (r == -ENOENT) {
skipped++; skipped++;
r = -EPERM; r = -EPERM;
} }
if (r != -EPERM) if (r != -EPERM)
break; break;
} }
if ((r < 0 && r != -EPERM && skipped && skipped == i) || r == -ENOTSUP) { if ((r < 0 && r != -EPERM && skipped && skipped == i) || r == -ENOTSUP) {
log_err(cd, _("Required kernel crypto interface not available.")) ; log_err(cd, _("Required kernel crypto interface not available.")) ;
skipping to change at line 1025 skipping to change at line 1032
tcrypt_params->mode = algs->mode; tcrypt_params->mode = algs->mode;
return 0; return 0;
} }
uint64_t TCRYPT_get_data_offset(struct crypt_device *cd, uint64_t TCRYPT_get_data_offset(struct crypt_device *cd,
struct tcrypt_phdr *hdr, struct tcrypt_phdr *hdr,
struct crypt_params_tcrypt *params) struct crypt_params_tcrypt *params)
{ {
uint64_t size; uint64_t size;
/* No real header loaded, initialized by active device */ if (!hdr->d.version) {
if (!hdr->d.version) /* No real header loaded, initialized by active device, use defau
goto hdr_offset; lt mk_offset */
} else if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
/* Mapping through whole device, not partition! */ /* Mapping through whole device, not partition! */
if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
if (crypt_dev_is_partition(device_path(crypt_data_device(cd)))) if (crypt_dev_is_partition(device_path(crypt_data_device(cd))))
return 0; return 0;
goto hdr_offset; } else if (params->mode && !strncmp(params->mode, "xts", 3)) {
}
if (params->mode && !strncmp(params->mode, "xts", 3)) {
if (hdr->d.version < 3) if (hdr->d.version < 3)
return 1; return 1;
if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
if (hdr->d.version > 3) if (hdr->d.version > 3)
return (hdr->d.mk_offset / SECTOR_SIZE); return (hdr->d.mk_offset / SECTOR_SIZE);
if (device_size(crypt_metadata_device(cd), &size) < 0) if (device_size(crypt_metadata_device(cd), &size) < 0)
return 0; return 0;
return (size - hdr->d.hidden_volume_size + return (size - hdr->d.hidden_volume_size +
(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE; (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE;
} }
goto hdr_offset; } else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
}
if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
if (device_size(crypt_metadata_device(cd), &size) < 0) if (device_size(crypt_metadata_device(cd), &size) < 0)
return 0; return 0;
return (size - hdr->d.hidden_volume_size + return (size - hdr->d.hidden_volume_size +
(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE; (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE;
} }
hdr_offset:
return hdr->d.mk_offset / SECTOR_SIZE; return hdr->d.mk_offset / SECTOR_SIZE;
} }
uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd, uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
struct tcrypt_phdr *hdr, struct tcrypt_phdr *hdr,
struct crypt_params_tcrypt *params) struct crypt_params_tcrypt *params)
{ {
uint64_t iv_offset; uint64_t iv_offset;
if (params->mode && !strncmp(params->mode, "xts", 3)) if (params->mode && !strncmp(params->mode, "xts", 3))
 End of changes. 14 change blocks. 
24 lines changed or deleted 25 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)