diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-10-24 20:56:11 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-10-24 20:56:11 +0200 |
| commit | 234137bce39a03eab02044234c8f970498ccc5b0 (patch) | |
| tree | 85e2d2707d34ac7f19ee0f7c6b23ea309701b470 /sys/src/9/port | |
| parent | f3feafc476ff108231dd6e0e3ac3cd420a62a81c (diff) | |
fix bugs and cleanup cryptsetup code
devfs:
- fix memory leak in devfs leaking the aes key
- allocate aes-xts cipher state in secure memory
- actually check if the hexkey got fully parsed
cryptsetup:
- get rid of stupid "type YES" prompt
- use genrandom() to generate salts and keys
- rewrite cryptsetup to use common pbkdf2 and readcons routines
- fix alot of error handling and simplify the code
- move cryptsetup command to disk/cryptsetup
- update cryptsetup(8) manual page
Diffstat (limited to 'sys/src/9/port')
| -rw-r--r-- | sys/src/9/port/devfs.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/sys/src/9/port/devfs.c b/sys/src/9/port/devfs.c index e5e6659b1..1dcbcf28e 100644 --- a/sys/src/9/port/devfs.c +++ b/sys/src/9/port/devfs.c @@ -90,7 +90,7 @@ struct Fsdev vlong start; /* start address (for Fpart) */ uint ndevs; /* number of inner devices */ Inner *inner[Ndevs]; /* inner devices */ - void *extra; /* extra state for the device */ + Key *key; /* crypt key */ }; struct Tree @@ -351,6 +351,7 @@ mdeldev(Fsdev *mp) } wunlock(&lck); + secfree(mp->key); free(mp->name); for(i = 0; i < mp->ndevs; i++){ in = mp->inner[i]; @@ -359,8 +360,6 @@ mdeldev(Fsdev *mp) free(in->iname); free(in); } - if(debug) - memset(mp, 9, sizeof *mp); /* poison */ free(mp); } @@ -553,7 +552,7 @@ mconfig(char* a, long n) vlong size, start; vlong *ilen; char *tname, *dname, *fakef[4]; - uchar key[32]; + uchar key[32]; Chan **idev; Cmdbuf *cb; Cmdtab *ct; @@ -601,7 +600,8 @@ mconfig(char* a, long n) mdelctl("*", "*"); /* del everything */ return; case Fcrypt: - dec16(key, 32, cb->f[2], 64); + if(dec16(key, 32, cb->f[2], strlen(cb->f[2])) != 32) + error("bad hexkey"); cb->nf -= 1; break; case Fpart: @@ -693,13 +693,11 @@ Fail: mp->size = size * sectorsz; } if(mp->type == Fcrypt) { - Key *k = mallocz(sizeof(Key), 1); - if(k == nil) - error(Enomem); + Key *k = secalloc(sizeof(Key)); setupAESstate(&k->tweak, &key[0], 16, nil); setupAESstate(&k->ecb, &key[16], 16, nil); memset(key, 0, 32); - mp->extra = k; + mp->key = k; } for(i = 1; i < cb->nf; i++){ inprv = mp->inner[i-1] = mallocz(sizeof(Inner), 1); @@ -712,8 +710,6 @@ Fail: } setdsize(mp, ilen); - - poperror(); wunlock(&lck); free(idev); @@ -1033,7 +1029,7 @@ cryptio(Fsdev *mp, int isread, uchar *a, long l, vlong off) if(off < 0 || l <= 0 || ((off|l) & (Sectsz-1))) error(Ebadarg); - k = mp->extra; + k = mp->key; in = mp->inner[0]; mc = in->idev; if(mc == nil) |