[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

new patches

To: Andries.Brouwer@cwi.nl
Subject: new patches
From: Ben Slusky <sluskyb@paranoiacs.org>
Date: Thu, 7 Aug 2003 18:14:56 -0400
Cc: linux-crypto@nl.linux.org
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Mail-Followup-To: Andries.Brouwer@cwi.nl, linux-crypto@nl.linux.org
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
Sender: linux-crypto-bounce@nl.linux.org
User-Agent: Mutt/1.4i

New patches here:

The variable key size patch has been touched up a bit but is functionally
identical.

The external program patch has been reworked. The external program
is now specified like this:
	mount -o loop,encryption=aes-cbc-128,keygen=hashprog;sha256 \
		~sluskyb/testloop /mnt/test
The looped file and the encryption method are passed as additional
arguments, so this would run "hashprog sha256 ~sluskyb/testloop
aes-cbc-128" and read the encryption key from its stdout.

There is no equivalent option in losetup, but then
	hashprog sha256 |losetup -e aes-cbc-128 -p 0 /dev/loop/11 \
		~sluskyb/testloop
works just fine.

I've cut out xgetpass() entirely. Now that hashing is done outside
losetup, there's no sense in reading any more than LO_KEY_SIZE bytes.
So if we're given an fd or an external program then we do a plain old
read(2), otherwise a plain old getpass(3).

QCF?

-- 
Ben Slusky                      | "You think that's air you're
sluskyb@paranoiacs.org          |  breathing now?"
sluskyb@stwing.org              |               -Morpheus
PGP keyID ADA44B3B

--- lomount.c-fixed-key-size	2003-07-16 19:56:53.000000000 -0400
+++ lomount.c	2003-08-07 13:34:22.000000000 -0400
@@ -24,12 +24,15 @@
 #include <ctype.h>
 #include <fcntl.h>
 #include <errno.h>
+#include <limits.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/mman.h>
 #include <sys/sysmacros.h>
+#include <regex.h>
 
 #include "loop.h"
 #include "lomount.h"
@@ -249,7 +252,7 @@
 set_loop(const char *device, const char *file, int offset,
 	 const char *encryption, int pfd, int *loopro) {
 	struct loop_info64 loopinfo64;
-	int fd, ffd, mode;
+	int fd, ffd, mode, keysize = 0;
 	char *pass;
 
 	mode = (*loopro ? O_RDONLY : O_RDWR);
@@ -275,9 +278,38 @@
 		if (digits_only(encryption)) {
 			loopinfo64.lo_encrypt_type = atoi(encryption);
 		} else {
+			regex_t keysize_re;
+			regmatch_t keysize_rm;
+			int rerror;
+			char rerror_buf[LINE_MAX+1],
+				*encryption_dup = xstrdup(encryption);
+
 			loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
+
+			if ((rerror = regcomp(&keysize_re,
+					      "-[[:digit:]]+$",
+					      REG_EXTENDED)) != 0) {
+				fprintf(stderr, _("regcomp: "));	
+				regerror(rerror, &keysize_re, rerror_buf,
+					 LINE_MAX);
+				fprintf(stderr, "%s\n", rerror_buf);
+			} else {
+				if (regexec(&keysize_re, encryption_dup,
+				   	    1, &keysize_rm, 0) == 0) {
+					keysize = atoi(encryption_dup +
+						       keysize_rm.rm_so + 1);
+					/* convert #bits to #bytes */
+					keysize /= 8;
+					/* cut the keysize out now */
+					encryption_dup[keysize_rm.rm_so] = '\0';
+				}
+
+				regfree(&keysize_re);
+			}
+			
 			snprintf(loopinfo64.lo_crypt_name, LO_NAME_SIZE,
-				 "%s", encryption);
+				 "%s", encryption_dup);
+			free(encryption_dup);
 		}
 	}
 
@@ -307,9 +339,14 @@
 			strlen(loopinfo64.lo_encrypt_key);
 		break;
 	default:
+		if (keysize == 0) {
+			fprintf(stderr, _("You must specify a key size (in bits) for use with CryptoAPI encryption.\n"));
+			return -1;
+		}
+		/* FIXME we should be checking keysize against the min/max in /proc/crypto */
 		pass = xgetpass(pfd, _("Password: "));
 		xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
-		loopinfo64.lo_encrypt_key_size = LO_KEY_SIZE;
+		loopinfo64.lo_encrypt_key_size = keysize;
 	}
 
 	if (ioctl(fd, LOOP_SET_FD, ffd) < 0) {

--- lomount.c-no-reader-prog	2003-08-07 13:48:35.000000000 -0400
+++ lomount.c	2003-08-07 16:32:26.000000000 -0400
@@ -33,6 +33,7 @@
 #include <sys/mman.h>
 #include <sys/sysmacros.h>
 #include <regex.h>
+#include <signal.h>
 
 #include "loop.h"
 #include "lomount.h"
@@ -201,45 +202,6 @@
 	return 0;
 }
 
-/*
- * A function to read the passphrase either from the terminal or from
- * an open file descriptor.
- */
-static char *
-xgetpass(int pfd, const char *prompt) {
-	char *pass;
-	int buflen, i;
-
-        if (pfd < 0) /* terminal */
-		return getpass(prompt);
-
-	pass = NULL;
-	buflen = 0;
-	for (i=0; ; i++) {
-		if (i >= buflen-1) {
-				/* we're running out of space in the buffer.
-				 * Make it bigger: */
-			char *tmppass = pass;
-			buflen += 128;
-			pass = realloc(tmppass, buflen);
-			if (pass == NULL) {
-				/* realloc failed. Stop reading. */
-				error("Out of memory while reading passphrase");
-				pass = tmppass; /* the old buffer hasn't changed */
-				break;
-			}
-		}
-		if (read(pfd, pass+i, 1) != 1 || pass[i] == '\n')
-			break;
-	}
-	if (pass == NULL)
-		return "";
-	else {
-		pass[i] = 0;
-		return pass;
-	}
-}
-
 static int
 digits_only(const char *s) {
 	while (*s)
@@ -344,8 +306,26 @@
 			return -1;
 		}
 		/* FIXME we should be checking keysize against the min/max in /proc/crypto */
-		pass = xgetpass(pfd, _("Password: "));
-		xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
+
+		if (pfd == -1) {
+			pass = getpass(_("Password: "));
+			xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
+		} else {
+			/* If we're reading from an extenral program,	*
+			 * odds are good that a SIGCHLD will interrupt	*
+			 * this read(), and ruin our whole day. So we	*
+			 * must block it.				*/
+			sigset_t ss, oss;
+			sigemptyset(&ss);
+			sigaddset(&ss, SIGCHLD);
+			sigprocmask(SIG_BLOCK, &ss, &oss);
+			if (read(pfd, loopinfo64.lo_encrypt_key,
+				 LO_KEY_SIZE) == -1) {
+				perror("read");
+				fprintf(stderr, _("Error reading encryption key, exiting\n"));
+			}
+			sigprocmask(SIG_SETMASK, &oss, NULL);
+		}
 		loopinfo64.lo_encrypt_key_size = keysize;
 	}
 
--- mount.8-no-reader-prog	2003-08-04 00:26:04.000000000 -0400
+++ mount.8	2003-08-07 17:02:39.000000000 -0400
@@ -1696,6 +1696,11 @@
 .BR loop ", " offset " and " encryption ,
 that are really options to
 .BR losetup (8).
+You can also use the
+.BR keygen
+option to have mount call an external program from, which it will read the
+encryption key. Arguments to this program can be given, separated by semicolons.
+
 If no explicit loop device is mentioned
 (but just an option `\fB\-o loop\fP' is given), then
 .B mount
--- mount.c-no-reader-prog	2003-07-15 17:38:48.000000000 -0400
+++ mount.c	2003-08-07 16:43:12.000000000 -0400
@@ -195,7 +195,7 @@
 };
 
 static char *opt_loopdev, *opt_vfstype, *opt_offset, *opt_encryption,
-  *opt_speed;
+  *opt_keygen, *opt_speed;
 
 static struct string_opt_map {
   char *tag;
@@ -206,6 +206,7 @@
   { "vfs=",	1, &opt_vfstype },
   { "offset=",	0, &opt_offset },
   { "encryption=", 0, &opt_encryption },
+  { "keygen=", 0, &opt_keygen },
   { "speed=", 0, &opt_speed },
   { NULL, 0, NULL }
 };
@@ -586,7 +587,7 @@
       *type = opt_vfstype;
   }
 
-  *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption);
+  *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption || opt_keygen);
   *loopfile = *spec;
 
   if (*loop) {
@@ -596,6 +597,11 @@
 	printf(_("mount: skipping the setup of a loop device\n"));
     } else {
       int loopro = (*flags & MS_RDONLY);
+      /* Extra args to the keygen program. Right now there are 2:	*
+       *   - the looped file						*
+       *   - the encryption type used					*/
+      char *keygen_args[] = {*loopfile, opt_encryption};
+      const int _n_keygen_args = 2;
 
       if (!*loopdev || !**loopdev)
 	*loopdev = find_unused_loop_device();
@@ -604,6 +610,8 @@
       if (verbose)
 	printf(_("mount: going to use the loop device %s\n"), *loopdev);
       offset = opt_offset ? strtoul(opt_offset, NULL, 0) : 0;
+      if (opt_keygen)
+	pfd = use_keygen_prog(opt_keygen, keygen_args, _n_keygen_args);
       if (set_loop(*loopdev, *loopfile, offset,
 		   opt_encryption, pfd, &loopro)) {
 	if (verbose)
--- sundries.c-no-reader-prog	2003-08-04 00:24:47.000000000 -0400
+++ sundries.c	2003-08-07 16:53:40.000000000 -0400
@@ -12,6 +12,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <mntent.h>		/* for MNTTYPE_SWAP */
+#include <sys/types.h>
+#include <sys/wait.h>
 #include "fstab.h"
 #include "sundries.h"
 #include "realpath.h"
@@ -285,3 +287,101 @@
      free(canonical);
      return xstrdup(path);
 }
+
+static volatile pid_t keygen_pid = -1;
+
+/* Handle a SIGCHLD -- wait for the child process */
+static void
+child_handler (int i) {
+	int status;
+	if (keygen_pid != -1 && wait(&status) == keygen_pid) {
+		keygen_pid = -1;
+		if (WEXITSTATUS(status) != 0)
+			exit(WEXITSTATUS(status));
+	}
+}
+
+/* Make sure we clean up after the child */
+static void
+child_cleanup (void) {
+	/* "Clean up" means wait. So we let child_handler do all the work */
+	while (keygen_pid != -1)
+		sleep(1);
+}
+
+/* Split a string into pieces, using delim as the delimiter.		*
+ * Returns the number of pieces.					*/
+static int
+split_args (char *args[], const char *str, const char *delim, int nargs) {
+	int i=0;
+	char *s = xstrdup(str);
+	args[0] = strtok(s, delim);
+	if (args[0] == NULL)
+		return 0;
+
+	while (++i < nargs) {
+		if ((args[i] = strtok(NULL, delim)) == NULL)
+			break;
+	}
+
+	return i;
+}
+
+#define KEYGEN_MAX_ARGS 64	/* more than anyone will need, right? */
+
+/* Call an external program to give us the encryption key for an	*
+ * encrypted device. We split the string s into a command and args on	*
+ * semicolons ('cuz you can't put spaces in the fs_mntopts field), then	*
+ * add some specific args (eg. the looped file or device, the		*
+ * encryption method used; check the caller to see the actual list).	*
+ * Returns a file descriptor from which we read the key.		*/
+int
+use_keygen_prog (const char *s, const char *addl_args[], int naddl_args) {
+	int fd[2]; 
+
+	struct sigaction sa = {
+		.sa_handler = child_handler,
+		.sa_flags = SA_NOCLDSTOP
+	};
+
+	if (pipe(fd) == -1) {
+		perror("pipe");
+		exit(EX_SYSERR);
+	}
+	if (sigaction(SIGCHLD, &sa, NULL) == -1) {
+		perror("sigaction");
+		exit(EX_SYSERR);
+	}
+	if ((keygen_pid = fork()) == -1) {
+		perror("fork");
+		exit(EX_SYSERR);
+	} else if (keygen_pid) {	/* parent */
+		atexit(child_cleanup);
+		close(fd[1]);
+		return fd[0];
+	} else {		/* child */
+		char *args[KEYGEN_MAX_ARGS+1];
+		int i, n = split_args(args, s, ";", KEYGEN_MAX_ARGS - naddl_args);
+		if (!n) {
+			fprintf(stderr, _("Invalid keygen program, exiting\n"));
+			exit(EX_USAGE);
+		}
+		for(i=0; i < naddl_args; i++)
+			args[n+i] = addl_args[i];
+		args[n+naddl_args] = NULL;
+
+		close(fd[0]);
+		if (dup2(fd[1], STDOUT_FILENO) == -1) {
+			perror("dup2");
+			exit(EX_SYSERR);
+		}
+		setuid(getuid());	/* set euid to ruid */
+		if (execvp(args[0], args) == -1) {
+			perror(args[0]);
+			exit(EX_USAGE);
+		}
+	}
+
+	return 0; /* so gcc will shut up */
+}
+
--- sundries.h-no-reader-prog	2002-10-31 20:00:50.000000000 -0500
+++ sundries.h	2003-08-07 17:07:52.000000000 -0400
@@ -25,6 +25,7 @@
 void error (const char *fmt, ...);
 int matching_type (const char *type, const char *types);
 int matching_opts (const char *options, const char *test_opts);
+int use_keygen_prog (const char *s, const char *addl_args[], int naddl_args);
 void *xmalloc (size_t size);
 char *xstrdup (const char *s);
 char *xstrndup (const char *s, int n);

Prev by Date: world's most trusted antivirus solution.*
Next by Date: Do you suffer from small penis? 238593
Prev by thread: world's most trusted antivirus solution.*
Next by thread: Do you suffer from small penis? 238593
Index(es):
- Date
- Thread