74
76
static bool dmc_run(const struct ehd_mtreq *req, struct ehd_mount *mt)
78
const char *start_args[12];
80
char key_size[HXSIZEOF_Z32+2];
78
struct crypt_device *cd;
79
unsigned int flags = 0;
80
char *cipher = NULL, *mode;
82
ret = dmc_is_luks(mt->lower_device, true);
83
ret = crypt_init(&cd, mt->lower_device);
84
l0g("cryptsetup isLuks got terminated\n");
85
fprintf(stderr, "crypt_init: %s\n", strerror(-ret));
90
start_args[argk++] = "cryptsetup";
92
start_args[argk++] = "--readonly";
93
if (req->fs_cipher != NULL) {
94
start_args[argk++] = "-c";
95
start_args[argk++] = req->fs_cipher;
98
start_args[argk++] = "luksOpen";
99
start_args[argk++] = mt->lower_device;
100
start_args[argk++] = mt->crypto_name;
89
flags |= CRYPT_ACTIVATE_READONLY;
91
ret = crypt_load(cd, CRYPT_LUKS1, NULL);
93
ret = crypt_activate_by_passphrase(cd, mt->crypto_name,
94
CRYPT_ANY_SLOT, req->key_data, req->key_size, flags);
96
fprintf(stderr, "crypt_activate_by_passphrase: %s\n",
102
start_args[argk++] = "--key-file=-";
103
start_args[argk++] = "-h";
104
start_args[argk++] = req->fs_hash;
105
if (req->trunc_keysize != 0) {
106
snprintf(key_size, sizeof(key_size), "-s%u",
108
start_args[argk++] = key_size;
110
start_args[argk++] = "create";
111
start_args[argk++] = mt->crypto_name;
112
start_args[argk++] = mt->lower_device;
114
start_args[argk] = NULL;
115
assert(argk < ARRAY_SIZE(start_args));
118
arglist_llog(start_args);
120
memset(&proc, 0, sizeof(proc));
121
proc.p_flags = HXPROC_VERBOSE | HXPROC_STDIN;
122
if ((ret = HXproc_run_async(start_args, &proc)) <= 0) {
123
l0g("Error setting up crypto device: %s\n", strerror(-ret));
127
/* Ignore return value, we can't do much in case it fails */
128
if (write(proc.p_stdin, req->key_data, req->key_size) < 0)
129
w4rn("%s: password send erro: %s\n", __func__, strerror(errno));
131
if ((ret = HXproc_wait(&proc)) != 0) {
132
w4rn("cryptsetup exited with non-zero status %d\n", ret);
101
struct crypt_params_plain params = {.hash = req->fs_hash};
103
cipher = HX_strdup(req->fs_cipher);
104
if (cipher == NULL) {
108
/* stuff like aes-cbc-essiv:sha256 => aes, cbc-essiv:sha256 */
109
mode = strchr(cipher, '-');
115
ret = crypt_format(cd, CRYPT_PLAIN, cipher, mode, NULL, NULL,
116
req->trunc_keysize, ¶ms);
118
fprintf(stderr, "crypt_format: %s\n", strerror(-ret));
122
if (strcmp(req->fs_hash, "plain") == 0)
123
ret = crypt_activate_by_volume_key(cd, mt->crypto_name,
124
req->key_data, req->key_size, flags);
126
ret = crypt_activate_by_passphrase(cd, mt->crypto_name,
127
CRYPT_ANY_SLOT, req->key_data, req->key_size,
130
fprintf(stderr, "crypt_activate: %s\n", strerror(-ret));
138
return ret >= 0 ? true : false;
139
141
static int dmc_load(const struct ehd_mtreq *req, struct ehd_mount *mt)
149
151
static int dmc_unload(const struct ehd_mount *mt)
151
const char *args[] = {
152
"cryptsetup", "remove", NULL, NULL,
156
if (mt->crypto_name != NULL)
157
args[2] = mt->crypto_name;
158
else if (mt->crypto_device != NULL)
159
args[2] = mt->crypto_device;
160
if (args[2] != NULL) {
161
ret = HXproc_run_sync(args, HXPROC_VERBOSE);
163
l0g("Could not unload dm-crypt device \"%s\", "
164
"cryptsetup returned HXproc status %d\n",
165
mt->crypto_device, ret);
153
struct crypt_device *cd;
157
ret = crypt_init(&cd, mt->crypto_device);
161
cname = (mt->crypto_name != NULL) ? mt->crypto_name :
162
HX_basename(mt->crypto_device);
163
ret = crypt_deactivate(cd, cname);
165
return (ret < 0) ? ret : 1;
172
168
const struct ehd_crypto_ops ehd_dmcrypt_ops = {
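Review bot: The libcryptsetup paths in `dmc_run` report failures with `fprintf(stderr, ...)` (the `crypt_init`, `crypt_activate_by_passphrase`, `crypt_format` and `crypt_activate` messages), while the other messages in this file go through `l0g`/`w4rn`. If those macros feed the module's log sink, a failed unlock of an encrypted volume would leave no record there, so I would use the existing call shape, e.g. `l0g("crypt_init: %s\n", strerror(-ret));`. Separately, the page does not show the lines between the visible statements, so it cannot be confirmed that `crypt_free(cd)` and the release of `cipher` happen on every early-return path once `crypt_init` and `HX_strdup` have succeeded. That is worth checking, because `cd` is the context the key material is activated through. Both `dmc_run` and `dmc_unload` are only partly visible here.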