diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-10-24 20:56:11 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-10-24 20:56:11 +0200 |
| commit | 234137bce39a03eab02044234c8f970498ccc5b0 (patch) | |
| tree | 85e2d2707d34ac7f19ee0f7c6b23ea309701b470 /sys/src/cmd/cryptsetup/cryptsetup.c | |
| parent | f3feafc476ff108231dd6e0e3ac3cd420a62a81c (diff) | |
fix bugs and cleanup cryptsetup code
devfs:
- fix memory leak in devfs leaking the aes key
- allocate aes-xts cipher state in secure memory
- actually check if the hexkey got fully parsed
cryptsetup:
- get rid of stupid "type YES" prompt
- use genrandom() to generate salts and keys
- rewrite cryptsetup to use common pbkdf2 and readcons routines
- fix alot of error handling and simplify the code
- move cryptsetup command to disk/cryptsetup
- update cryptsetup(8) manual page
Diffstat (limited to 'sys/src/cmd/cryptsetup/cryptsetup.c')
| -rw-r--r-- | sys/src/cmd/cryptsetup/cryptsetup.c | 189 |
1 files changed, 0 insertions, 189 deletions
diff --git a/sys/src/cmd/cryptsetup/cryptsetup.c b/sys/src/cmd/cryptsetup/cryptsetup.c deleted file mode 100644 index 13f9a3a4b..000000000 --- a/sys/src/cmd/cryptsetup/cryptsetup.c +++ /dev/null @@ -1,189 +0,0 @@ -// Author Taru Karttunen <taruti@taruti.net> -// This file can be used as both Public Domain or Creative Commons CC0. -#include <u.h> -#include <libc.h> -#include "crypt.h" - -void format(char *file[]); -void copen(char *file[], int); -char*readcons(char *prompt, char *def, int raw, char *buf, int nbuf); -int pkcs5_pbkdf2(const unsigned char *pass, int pass_len, const unsigned char *salt, int salt_len, unsigned char *key, int key_len, int rounds); - -void -usage(void) -{ - print("usage: \ncryptsetup -f files \t\t# Format file or device\ncryptsetup -o files \t\t# Print commandline for open\ncryptsetup -i files\t\t# Install (open) files\n"); - exits("usage"); -} - -enum -{ - NoMode, - Format, - Open, - Install, -}; - - -void -main(int argc, char *argv[]) -{ - int mode; - - mode = 0; - - ARGBEGIN { - default: - usage(); - case 'f': - mode = Format; - break; - case 'o': - mode = Open; - break; - case 'i': - mode = Install; - break; - } ARGEND; - - if((mode == NoMode) || (argc < 1)) - usage(); - - switch(mode) { - case Format: - format(argv); - break; - case Install: - case Open: - copen(argv, mode); - break; - } -} - -void -format(char *files[]) -{ - char trand[48], pass1[64], pass2[64]; - unsigned char tkey[16], tivec[16], buf[64*1024]; - XtsState s; - AESstate cbc; - int i,j, fd; - - do { - readcons("password", nil, 1, pass1, 64); - readcons("confirm", nil, 1, pass2, 64); - } while(strcmp(pass1, pass2) != 0); - - do { - readcons("Are you sure you want to delete all data? (YES to procees)", nil, 0, (char*)buf, 4); - } while(strcmp((char*)buf, "YES") != 0); - - srand(truerand()); - - for(;*files;files++) { - - for(i = 0; i < 16*4096; i++) - buf[i] = rand(); - - for(i = 0; i < 48; i+=4) - *((unsigned*)&trand[i]) = truerand(); - memcpy(s.Master, trand, 32); - memcpy(s.Slots[0].Salt, trand+32, 16); - - pkcs5_pbkdf2((unsigned char*)pass1, strlen(pass1), s.Slots[0].Salt, 16, (unsigned char*)tkey, 16, 9999); - memset(tivec, 0, 16); - setupAESstate(&cbc, tkey, 16, tivec); - memcpy(s.Slots[0].Key, s.Master, 32); - aesCBCencrypt(s.Slots[0].Key, 32, &cbc); - - for(i=0; i<16; i++) - for(j=0; j<8; j++) { - buf[(4096*i)] = 1; - buf[(4096*i)+(4*j)+1] = s.Slots[j].Salt[i]; - buf[(4096*i)+(4*j)+2] = s.Slots[j].Key[i]; - buf[(4096*i)+(4*j)+3] = s.Slots[j].Key[i+16]; - } - - if((fd = open(*files, OWRITE)) < 0) - exits("Cannot open disk "); - - /* make the pad for checking crypto */ - for(i=0; i<8; i++) { - buf[(64*1024)-8+i] = ~buf[(64*1024)-16+i]; - } - memset(tivec, 0, 16); - setupAESstate(&cbc, s.Master, 16, tivec); - aes_encrypt(cbc.ekey, cbc.rounds, &buf[(64*1024)-16], &buf[(64*1024)-16]); - - write(fd, buf, 16*4096); - - print("Disk %s written\n", *files); - } -} - -void copen(char *files[], int mode) { - unsigned char pass[32], buf[1024*64], tkey[16], tivec[16], cbuf[16]; - XtsState s; - int i,j,fd, oldpass; - AESstate cbc; - char *base, fdpath[1024]; - - oldpass = 0; - for(;*files; files++) { - if((fd = open(*files, OREAD)) < 0) - exits("Cannot open disk"); - - if(read(fd, buf, 1024*64) != 1024*64) - exits("Cannot read disk"); - - openpass: - for(i=0; i<16; i++) - for(j=0; j<8; j++) { - s.Slots[j].Salt[i] = buf[(4096*i)+(4*j)+1]; - s.Slots[j].Key[i] = buf[(4096*i)+(4*j)+2]; - s.Slots[j].Key[i+16] = buf[(4096*i)+(4*j)+3]; - } - - if(!oldpass) - readcons("Password", nil, 1, (char*)pass, 32); - - memcpy(s.Master, s.Slots[0].Key, 32); - - pkcs5_pbkdf2(pass, strlen((char*)pass), s.Slots[0].Salt, 16, tkey, 16, 9999); - memset(tivec, 0, 16); - setupAESstate(&cbc, tkey, 16, tivec); - aesCBCdecrypt(s.Master, 32, &cbc); - - memset(tivec, 0, 16); - setupAESstate(&cbc, s.Master, 16, tivec); - - memcpy(cbuf, &buf[(64*1024)-16], 16); - aes_decrypt(cbc.dkey, cbc.rounds, cbuf, cbuf); - - /* make the pad for checking crypto */ - for(i=0; i<8; i++) - if((cbuf[i] ^ cbuf[i+8]) != 255) { - oldpass=0; - goto openpass; - } - - base = utfrrune(*files, '/'); - fd2path(fd, fdpath, 1024); - j = sprint((char*)buf, "crypt %s %s ", base ? base+1 : *files, fdpath); - - for(i=0; i<32; i++) { - sprint((char*)&buf[j], "%02X", s.Master[i]); - j += 2; - } - buf[j++] = '\n'; - close(fd); - if(mode == Install) { - fd = open("/dev/fs/ctl", OWRITE); - write(fd, buf, j); - close(fd); - } else { - write(1, buf, j); - } - oldpass=1; - } -}
\ No newline at end of file |