Cryptoswap script
I've been working on Dale Amon's cryptoswap.sh Debian initialization
script. The script no longer requires devfs. I would like some feedback
from whoever may be interested.

I have not updated the script's documentation yet, but this fstab
record will give you an AES encrypted swap partition using /dev/hdaX
and /dev/loopY:

    /dev/loopY none swap sw,swapfile=/dev/hdaX,encryption=aes 0 0

Of course, doing this will destroy any existing data on /dev/hdaX so
be careful. Perform at your own risk!

If you are using Debian, install the script in /etc/init.d and make the
appropriate links to rcS.d, rc6.d and rc0.d. Crypto swap partitions
should be created right before checkroot.sh is run and torn down after
sysklogd.

Here is the script:

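#!/bin/bash
# bash is required: the script uses arrays, ${var:offset:length}, (( )) loops
# and the >& redirection.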
#=============================================================================
# Cryptoswap space boot script
#
# Title: kernel
# Description: Setup and teardown crypto swap devices
# Programmed by: Dale Amon <amon@islandone.org>
# Revised by: $Author: kyle $
# Date: $Date: 2002/07/23 21:42:32 $
# Version: $Revision: 1.1 $
#
# NOTE: * THIS IS NOT A RELEASABLE VERSION
# * Something must be done to fill the entropy pool
# * compatibility with modular kernel with devfs?
# * what to do with a bad cipher name?
# * what to do with non-crypto kernel?
# * what to do with an as yet unloaded cipher module?
#
# HISTORY
# $Log: cryptoswap.sh,v $
# Revision 1.1 2002/07/23 21:42:32 kyle
# moving from cryptoapi
#
# Revision 1.1 2002/04/22 13:56:41 hvr
# added dale amon's cryptoswap script
#
# 20020331 Dale Amon <amon@vnl.com>
# Created Debian init script to work with International
# patch set with loop-jari patch.
#
# 20030808 W. Michael Petullo <mike@flyn.org>
# Now works fine with a read-only /dev filesystem.
# No longer requires devfs.
# /etc/fstab syntax changed.
# Fallback is no longer an option.
#
#=============================================================================
# Source the Debian boot defaults (VERBOSE and friends)
. /etc/default/rcS
FADECNT=20 # Number of times to write zeroes over the data used
# for initial entropy.
#=============================================================================
# Parse the options cryptoswap attributes and values.
# It is responsible for setting the global values of:
#
# Args: A cryptoswap fstab option string, eg
# swapfile=/dev/hda2,encryption=twofish
#
# Sets Globals: swapfile
# cipher
# keybits
# wipe
#
function parse_cryptswap_options() {
    # FIXME: I'm not sure this all handles records with #'s correctly (it
    # could be possible to accidentally fool cryptoswap.sh that a record is
    # a cryptoswap record using comments).
    # Set the crypto options to default values
    swapfile=
    cipher=aes
    keybits=
    wipe=
    ifssav=$IFS
    IFS=","
    for i in $1 ; do
        IFS="="
        case "$i" in
        swapfile*)
            a=($i)
            swapfile=${a[1]}
            ;;
        encryption*)
            a=($i)
            cipher=${a[1]}
            ;;
        keybits*)
            a=($i)
            keybits=${a[1]}
            ;;
        wipe*)
            a=($i)
            wipe=${a[1]}
            # Quoted so that a bare "wipe" option with no value does not
            # break the test
            if [ "$wipe" = 0 ]; then
                wipe=
            fi
            ;;
        *)
            ;;
        esac
    done
    IFS=$ifssav
}
#=============================================================================
case "$1" in
start|"")
    [ "$VERBOSE" != no ] && echo "Securing swap devices"
    # This will happen again later, but we need /dev/random now
    if [ -f /var/lib/urandom/random-seed ]; then
        cat /var/lib/urandom/random-seed >/dev/urandom
    fi
    # Save stdin on fd 9 and read /etc/fstab on stdin
    exec 9>&0 </etc/fstab
    while read fs mnt type opts dump pass junk; do
        swap=
        cswap=
        #parse_cryptswap_options $opts
        case "$type" in
        ""|\#*)
            continue;
            ;;
        swap)
            if [ "${fs:0:9}" == "/dev/loop" ]; then
                parse_cryptswap_options $opts;
                # The swapfile must be a block device or a normal file
                if [ "$swapfile" ] && [ -b "$swapfile" -o -f "$swapfile" ]; then
                    # The fs must be an unused loop block device
                    if [ ! -b "$fs" ]; then
                        [ "$VERBOSE" != no ] && echo " Block device $fs not found";
                    else
                        cswap=1
                    fi
                fi
            fi
            ;;
        esac
        if [ $cswap ]; then
            # echo "swapdev=$fs swap=$swapfile cipher=$cipher
            # keybits=$keybits wipe=$wipe"
            if [ $fs ] && /sbin/losetup ${fs} >& /dev/null; then
                [ "$VERBOSE" != no ] && echo " Block device $fs in use"
            elif [ $fs ]; then
                [ "$VERBOSE" != no ] && echo -n " Cryptoswap setting up swap on $fs..."
                # This was Jaaru's idea, using first 40kb for initial
                # entropy, however if we
                # wipe on shutdown, this won't work.
                MD=`dd if=${fs} bs=4096 count=10 2>/dev/null | md5sum`
                for (( CNT=0 ; $CNT < ${FADECNT} ; CNT++ )); do
                    # dd if=/dev/zero of=${fs} bs=4096 count=10 conv=notrunc 2>/dev/null
                    sync;
                done
                # FIXME UR=`dd if=/dev/urandom bs=18 count=1 2>/dev/null \
                # FIXME | uuencode -m - | tail -2 | head -1`
                # Hex-encode all 18 random bytes. "hexdump | tail -2 | head -1"
                # kept only the last data line of the dump, i.e. 2 of the
                # 18 bytes.
                UR=`dd if=/dev/urandom bs=18 count=1 2>/dev/null \
                    | od -An -v -tx1 | tr -d ' \n'`
                DT=`date '+%s'`
                # FIXME echo -n ${MD}${UR}${DT} | \
                # losetup -p 0 -e ${cipher} -k ${keybits} ${fs} ${swapfile}
                # The key material is passed to losetup on fd 0 (-p 0)
                echo -n ${MD}${UR}${DT} | \
                    losetup -p 0 -e ${cipher} ${fs} ${swapfile}
                MD=; UR=; DT=
                # dd if=/dev/zero of=${fs} bs=4096 count=10 conv=notrunc
                # 2>/dev/null
                sync
                mkswap $fs > /dev/null
                [ "$VERBOSE" != no ] && echo "done."
            else
                [ "$VERBOSE" != no ] && echo " Cryptoswap failed to initialize $fs"
            fi
        fi
    done
    # Restore stdin, as the stop branch does
    exec 0>&9 9>&-
    ;;
stop)
    [ "$VERBOSE" != no ] && echo "Clearing Swap"
    # Save stdin on fd 9 and read /etc/fstab on stdin
    exec 9>&0 </etc/fstab
    while read fs mnt type opts dump pass junk; do
        swap=
        case "$type" in
        ""|\#*)
            continue;
            ;;
        swap)
            swap=1
            parse_cryptswap_options $opts
            swapoff -a $fs >& /dev/null;
            ;;
        esac
        if [ $swap ]; then
            # echo "swapdev=$fs swap=$swapfile cipher=$cipher \
            # keybits=$keybits wipe=$wipe"
            # For the truly paranoid, scrub swap on shutdown
            if [ $wipe ]; then
                [ "$VERBOSE" != no ] && echo -n " Clearing $fs..."
                for (( CNT=0 ; CNT < $wipe ; CNT++ )) ; do
                    dd if=/dev/zero of=${fs} 2>/dev/null
                    sync
                done
                [ "$VERBOSE" != no ] && echo "done."
            fi
            if [ $fs ] && /sbin/losetup ${fs} >& /dev/null; then
                [ "$VERBOSE" != no ] && echo -n " Detaching $swapfile from $fs..."
                losetup -d $fs
                [ "$VERBOSE" != no ] && echo "done."
            fi
        fi
    done
    exec 0>&9 9>&-
    ;;
*)
    echo "Usage: cryptoswap {start|stop}" >&2
    exit 1
    ;;
esac
exit 0
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
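
Added example (not part of the original post or of the cryptoswap script): the random part of the swap key comes from 18 bytes of /dev/urandom pushed through a text encoder and line filters, so it is worth measuring how many of those bytes reach the key. The sketch below compares a "dump | tail -2 | head -1" pipeline with a full hex encoding; the function names and the 18 fixed sample bytes are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: how many of the 18 bytes survive each encoding pipeline?

# Default hexdump layout. "od -A x -t x2" prints the same layout (hex offset
# followed by 16-bit words, 16 bytes per line) and is used as a stand-in
# when hexdump is not installed.
dump() {
    if command -v hexdump >/dev/null 2>&1; then hexdump; else od -A x -t x2; fi
}

# 18 constructed bytes standing in for the dd read from /dev/urandom
sample() { printf 'ABCDEFGHIJKLMNOPQR'; }

# The line filter under test: keep the second-to-last line of the dump
key_part_hexdump() { sample | dump | tail -n 2 | head -n 1; }

# Alternative: hex-encode every byte onto one line
key_part_full() { sample | od -An -v -tx1 | tr -d ' \n'; }

# Count the data bytes on one dump line of the form "OFFSET word word ..."
bytes_in_dump_line() {
    set -- $1                 # split the line into fields
    [ $# -gt 0 ] && shift     # drop the offset column
    n=0
    for w in "$@"; do
        n=$((n + ${#w} / 2))  # two hex digits per byte
    done
    echo "$n"
}

# Count the bytes in a plain hex string
bytes_in_hex() { echo $(( ${#1} / 2 )); }

echo "dump | tail | head keeps: $(bytes_in_dump_line "$(key_part_hexdump)") of 18 bytes"
echo "full hex encoding keeps:  $(bytes_in_hex "$(key_part_full)") of 18 bytes"
```

An 18-byte dump has three lines (16 bytes, 2 bytes, final offset), so the filter passes only the 2-byte line; the rest of the key then depends on the md5sum and the timestamp.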