shithub: riscv

Download patch

ref: 234137bce39a03eab02044234c8f970498ccc5b0
parent: f3feafc476ff108231dd6e0e3ac3cd420a62a81c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Oct 24 16:56:11 EDT 2016 

fix bugs and cleanup cryptsetup code

devfs:

- fix memory leak in devfs leaking the aes key
- allocate aes-xts cipher state in secure memory
- actually check if the hexkey got fully parsed

cryptsetup:

- get rid of stupid "type YES" prompt
- use genrandom() to generate salts and keys
- rewrite cryptsetup to use common pbkdf2 and readcons routines
- fix alot of error handling and simplify the code
- move cryptsetup command to disk/cryptsetup
- update cryptsetup(8) manual page


--- a/sys/man/8/cryptsetup
+++ b/sys/man/8/cryptsetup
@@ -2,15 +2,15 @@
 .SH NAME
 cryptsetup \- setup encrypted partition
 .SH SYNOPSIS
-.B cryptsetup
+.B disk/cryptsetup
 .B -f
 .I files ...
 .br
-.B cryptsetup
+.B disk/cryptsetup
 .B -o
 .I files ...
 .br
-.B cryptsetup
+.B disk/cryptsetup
 .B -i
 .I files ...
 .SH DESCRIPTION
@@ -49,7 +49,7 @@
 .I files
 argument.
 .SH SOURCE
-.B /sys/src/cmd/cryptsetup
+.B /sys/src/cmd/disk/cryptsetup.c
 .SH SEE ALSO
 .IR aes (2) ,
 .IR fs (3)
--- a/sys/src/9/boot/bootfs.proto
+++ b/sys/src/9/boot/bootfs.proto
@@ -11,9 +11,9 @@
 		cat
 		cfs
 		chmod
-		cryptsetup
 		dd
 		disk
+			cryptsetup
 			edisk
 			fdisk
 			prep
--- a/sys/src/9/port/devfs.c
+++ b/sys/src/9/port/devfs.c
@@ -90,7 +90,7 @@
 	vlong	start;		/* start address (for Fpart) */
 	uint	ndevs;		/* number of inner devices */
 	Inner	*inner[Ndevs];	/* inner devices */
-	void *extra;                /* extra state for the device */
+	Key	*key;		/* crypt key */
 };
 
 struct Tree
@@ -351,6 +351,7 @@
 		}
 	wunlock(&lck);
 
+	secfree(mp->key);
 	free(mp->name);
 	for(i = 0; i < mp->ndevs; i++){
 		in = mp->inner[i];
@@ -359,8 +360,6 @@
 		free(in->iname);
 		free(in);
 	}
-	if(debug)
-		memset(mp, 9, sizeof *mp);	/* poison */
 	free(mp);
 }
 
@@ -553,7 +552,7 @@
 	vlong	size, start;
 	vlong	*ilen;
 	char	*tname, *dname, *fakef[4];
-	uchar key[32];
+	uchar	key[32];
 	Chan	**idev;
 	Cmdbuf	*cb;
 	Cmdtab	*ct;
@@ -601,7 +600,8 @@
 		mdelctl("*", "*");		/* del everything */
 		return;
 	case Fcrypt:
-		dec16(key, 32, cb->f[2], 64);
+		if(dec16(key, 32, cb->f[2], strlen(cb->f[2])) != 32)
+			error("bad hexkey");
 		cb->nf -= 1;
 		break;
 	case Fpart:
@@ -693,13 +693,11 @@
 		mp->size = size * sectorsz;
 	}
 	if(mp->type == Fcrypt) {
-		Key *k = mallocz(sizeof(Key), 1);
-		if(k == nil)
-			error(Enomem);
+		Key *k = secalloc(sizeof(Key));
 		setupAESstate(&k->tweak, &key[0], 16, nil);
 		setupAESstate(&k->ecb, &key[16], 16, nil);
 		memset(key, 0, 32);
-		mp->extra = k;
+		mp->key = k;
 	}
 	for(i = 1; i < cb->nf; i++){
 		inprv = mp->inner[i-1] = mallocz(sizeof(Inner), 1);
@@ -712,8 +710,6 @@
 	}
 	setdsize(mp, ilen);
 
-
-
 	poperror();
 	wunlock(&lck);
 	free(idev);
@@ -1033,7 +1029,7 @@
 	if(off < 0 || l <= 0 || ((off|l) & (Sectsz-1)))
 		error(Ebadarg);
 
-	k = mp->extra;
+	k = mp->key;
 	in = mp->inner[0];
 	mc = in->idev;
 	if(mc == nil)
--- a/sys/src/cmd/cryptsetup/crypt.h
+++ /dev/null
@@ -1,14 +1,0 @@
-// Author Taru Karttunen <taruti@taruti.net>
-// This file can be used as both Public Domain or Creative Commons CC0.
-#include <libsec.h>
-
-typedef struct {
-	unsigned char Salt[16];
-	unsigned char Key[32];
-} Slot;
-
-typedef struct {
-	unsigned char Master[32];
-	Slot Slots[8];
-	AESstate C1, C2;
-} XtsState;
--- a/sys/src/cmd/cryptsetup/cryptsetup.c
+++ /dev/null
@@ -1,189 +1,0 @@
-// Author Taru Karttunen <taruti@taruti.net>
-// This file can be used as both Public Domain or Creative Commons CC0.
-#include		<u.h>
-#include		<libc.h>
-#include		"crypt.h"
-
-void format(char *file[]);
-void copen(char *file[], int);
-char*readcons(char *prompt, char *def, int raw, char *buf, int nbuf);
-int pkcs5_pbkdf2(const unsigned char *pass, int pass_len, const unsigned char *salt, int salt_len, unsigned char *key, int key_len, int rounds);
-
-void 
-usage(void)
-{
-	print("usage: \ncryptsetup -f files \t\t# Format file or device\ncryptsetup -o files \t\t# Print commandline for open\ncryptsetup -i files\t\t# Install (open) files\n");
-	exits("usage");
-}
-
-enum
-{
-	NoMode,
-	Format,
-	Open,
-	Install,
-};
-
-
-void
-main(int argc, char *argv[])
-{
-	int mode;
-
-	mode = 0;
-
-	ARGBEGIN {
-	default:
-		usage();
-	case 'f':
-		mode = Format;
-		break;
-	case 'o':
-		mode = Open;
-		break;
-	case 'i':
-		mode = Install;
-		break;
-	} ARGEND;
-
-	if((mode == NoMode) || (argc < 1))
-		usage();
-
-	switch(mode) {
-	case Format:
-		format(argv);
-		break;
-	case Install:
-	case Open:
-		copen(argv, mode);
-		break;
-	}
-}
-
-void
-format(char *files[])
-{
-	char trand[48], pass1[64], pass2[64];
-	unsigned char tkey[16], tivec[16], buf[64*1024];
-	XtsState s;
-	AESstate cbc;
-	int i,j, fd;
-
-	do {
-		readcons("password", nil, 1, pass1, 64);
-		readcons("confirm", nil, 1, pass2, 64);
-	} while(strcmp(pass1, pass2) != 0);
-
-	do {
-		readcons("Are you sure you want to delete all data? (YES to procees)", nil, 0, (char*)buf, 4);
-	} while(strcmp((char*)buf, "YES") != 0);
-
-	srand(truerand());
-
-	for(;*files;files++) {
-
-		for(i = 0; i < 16*4096; i++)
-			buf[i] = rand();
-	
-		for(i = 0; i < 48; i+=4)
-			*((unsigned*)&trand[i]) = truerand();
-		memcpy(s.Master, trand, 32);
-		memcpy(s.Slots[0].Salt, trand+32, 16);
-
-		pkcs5_pbkdf2((unsigned char*)pass1, strlen(pass1), s.Slots[0].Salt, 16, (unsigned char*)tkey, 16, 9999);
-		memset(tivec, 0, 16);
-		setupAESstate(&cbc, tkey, 16, tivec);
-		memcpy(s.Slots[0].Key, s.Master, 32);
-		aesCBCencrypt(s.Slots[0].Key, 32, &cbc);
-
-		for(i=0; i<16; i++)
-			for(j=0; j<8; j++) {
-				buf[(4096*i)]  = 1;
-				buf[(4096*i)+(4*j)+1] = s.Slots[j].Salt[i];
-				buf[(4096*i)+(4*j)+2] = s.Slots[j].Key[i];
-				buf[(4096*i)+(4*j)+3] = s.Slots[j].Key[i+16];
-			}
-
-		if((fd = open(*files, OWRITE)) < 0)
-			exits("Cannot open disk ");
-	
-		/* make the pad for checking crypto */
-		for(i=0; i<8; i++) {
-			buf[(64*1024)-8+i] = ~buf[(64*1024)-16+i];
-		}
-		memset(tivec, 0, 16);
-		setupAESstate(&cbc, s.Master, 16, tivec);
-		aes_encrypt(cbc.ekey, cbc.rounds, &buf[(64*1024)-16], &buf[(64*1024)-16]);
-
-		write(fd, buf, 16*4096);
-
-		print("Disk %s written\n", *files);
-	}
-}
-
-void copen(char *files[], int mode) {
-	unsigned char pass[32], buf[1024*64], tkey[16], tivec[16], cbuf[16];
-	XtsState s;
-	int i,j,fd, oldpass;
-	AESstate cbc;
-	char *base, fdpath[1024];
-
-	oldpass = 0;
-	for(;*files; files++) {
-		if((fd = open(*files, OREAD)) < 0)
-			exits("Cannot open disk");
-	
-		if(read(fd, buf, 1024*64) != 1024*64) 
-			exits("Cannot read disk");
-	
-		openpass:
-			for(i=0; i<16; i++) 
-				for(j=0; j<8; j++) {
-					s.Slots[j].Salt[i] = buf[(4096*i)+(4*j)+1];
-					s.Slots[j].Key[i] = buf[(4096*i)+(4*j)+2];
-					s.Slots[j].Key[i+16] = buf[(4096*i)+(4*j)+3];
-				}
-
-			if(!oldpass)
-				readcons("Password", nil, 1, (char*)pass, 32);
-
-			memcpy(s.Master, s.Slots[0].Key, 32);
-
-			pkcs5_pbkdf2(pass, strlen((char*)pass), s.Slots[0].Salt, 16, tkey, 16, 9999);
-			memset(tivec, 0, 16);
-			setupAESstate(&cbc, tkey, 16, tivec);
-			aesCBCdecrypt(s.Master, 32, &cbc);
-		
-			memset(tivec, 0, 16);
-			setupAESstate(&cbc, s.Master, 16, tivec);
-
-			memcpy(cbuf, &buf[(64*1024)-16], 16);
-			aes_decrypt(cbc.dkey, cbc.rounds, cbuf, cbuf);
-
-			/* make the pad for checking crypto */
-			for(i=0; i<8; i++)
-				if((cbuf[i] ^ cbuf[i+8]) != 255) {
-					oldpass=0;
-					goto openpass;
-				}
-
-		base = utfrrune(*files, '/');
-		fd2path(fd, fdpath, 1024);
-		j = sprint((char*)buf, "crypt %s %s ", base ? base+1 : *files, fdpath);
-	
-		for(i=0; i<32; i++) {
-			sprint((char*)&buf[j], "%02X", s.Master[i]);
-			j += 2; 
-		}
-		buf[j++] = '\n';
-		close(fd);
-		if(mode == Install) {
-			fd = open("/dev/fs/ctl", OWRITE);
-			write(fd, buf, j);
-			close(fd);
-		} else {
-			write(1, buf, j);
-		}
-		oldpass=1;
-	}
-}
\ No newline at end of file
--- a/sys/src/cmd/cryptsetup/mkfile
+++ /dev/null
@@ -1,10 +1,0 @@
-</$objtype/mkfile
-
-BIN=/$objtype/bin
-TARG=cryptsetup
-OFILES=\
-	cryptsetup.$O\
-	readcons.$O\
-	pbkdf2.$O\
-
-</sys/src/cmd/mkone
--- a/sys/src/cmd/cryptsetup/pbkdf2.c
+++ /dev/null
@@ -1,77 +1,0 @@
-/*	$OpenBSD: pbkdf2.c,v 1.1 2008/06/14 06:28:27 djm Exp $	*/
-
-/*-
- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <u.h>
-#include <libc.h>
-#include <mp.h>
-#include <libsec.h>
-#define DS DigestState /* only to abbreviate SYNOPSIS */
-#define SHA1_DIGEST_LENGTH 20
-#define MIN(a,b) ((a < b) ? a : b)
-
-/*
- * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
- * Code based on IEEE Std 802.11-2007, Annex H.4.2.
- */
-int
-pkcs5_pbkdf2(const unsigned char *pass, int pass_len, const unsigned char *salt, int salt_len,
-    unsigned char *key, int key_len, int rounds)
-{
-	unsigned char *asalt, obuf[SHA1_DIGEST_LENGTH];
-	unsigned char d1[SHA1_DIGEST_LENGTH], d2[SHA1_DIGEST_LENGTH];
-	unsigned i, j;
-	unsigned count;
-	unsigned r;
-
-	if (rounds < 1 || key_len == 0)
-		return -1;
-	if (salt_len == 0)
-		return -1;
-	if ((asalt = malloc(salt_len + 4)) == nil)
-		return -1;
-
-	memcpy(asalt, salt, salt_len);
-
-	for (count = 1; key_len > 0; count++) {
-		asalt[salt_len + 0] = (count >> 24) & 0xff;
-		asalt[salt_len + 1] = (count >> 16) & 0xff;
-		asalt[salt_len + 2] = (count >> 8) & 0xff;
-		asalt[salt_len + 3] = count & 0xff;
-		hmac_sha1(asalt, salt_len + 4, pass, pass_len, d1, nil);
-		memcpy(obuf, d1, sizeof(obuf));
-
-		for (i = 1; i < rounds; i++) {
-			hmac_sha1(d1, sizeof(d1), pass, pass_len, d2, nil);
-			memcpy(d1, d2, sizeof(d1));
-			for (j = 0; j < sizeof(obuf); j++)
-				obuf[j] ^= d1[j];
-		}
-
-		r = MIN(key_len, SHA1_DIGEST_LENGTH);
-		memcpy(key, obuf, r);
-		key += r;
-		key_len -= r;
-	};
-	memset(asalt, 0, salt_len + 4);
-	free(asalt);
-	memset(d1, 0, sizeof(d1));
-	memset(d2, 0, sizeof(d2));
-	memset(obuf, 0, sizeof(obuf));
-
-	return 0;
-}
--- a/sys/src/cmd/cryptsetup/readcons.c
+++ /dev/null
@@ -1,77 +1,0 @@
-/* From /sys/src/libauthsrv/readnvram.c, LPL licensed */
-#include <u.h>
-#include <libc.h>
-
-
-char*
-readcons(char *prompt, char *def, int raw, char *buf, int nbuf)
-{
-	int fdin, fdout, ctl, n, m;
-	char line[10];
-
-	fdin = open("/dev/cons", OREAD);
-	if(fdin < 0)
-		fdin = 0;
-	fdout = open("/dev/cons", OWRITE);
-	if(fdout < 0)
-		fdout = 1;
-	if(def != nil)
-		fprint(fdout, "%s[%s]: ", prompt, def);
-	else
-		fprint(fdout, "%s: ", prompt);
-	if(raw){
-		ctl = open("/dev/consctl", OWRITE);
-		if(ctl >= 0)
-			write(ctl, "rawon", 5);
-	} else
-		ctl = -1;
-
-	m = 0;
-	for(;;){
-		n = read(fdin, line, 1);
-		if(n == 0){
-			close(ctl);
-			werrstr("readcons: EOF");
-			return nil;
-		}
-		if(n < 0){
-			close(ctl);
-			werrstr("can't read cons");
-			return nil;
-		}
-		if(line[0] == 0x7f)
-			exits(0);
-		if(n == 0 || line[0] == '\n' || line[0] == '\r'){
-			if(raw){
-				write(ctl, "rawoff", 6);
-				write(fdout, "\n", 1);
-				close(ctl);
-			}
-			buf[m] = '\0';
-			if(buf[0]=='\0' && def)
-				strcpy(buf, def);
-			return buf;
-		}
-		if(line[0] == '\b'){
-			if(m > 0)
-				m--;
-		}else if(line[0] == 0x15){	/* ^U: line kill */
-			m = 0;
-			if(def != nil)
-				fprint(fdout, "%s[%s]: ", prompt, def);
-			else
-				fprint(fdout, "%s: ", prompt);
-		}else{
-			if(m >= nbuf-1){
-				fprint(fdout, "line too long\n");
-				m = 0;
-				if(def != nil)
-					fprint(fdout, "%s[%s]: ", prompt, def);
-				else
-					fprint(fdout, "%s: ", prompt);
-			}else
-				buf[m++] = line[0];
-		}
-	}
-}
-
--- /dev/null
+++ b/sys/src/cmd/disk/cryptsetup.c
@@ -1,0 +1,212 @@
+// Original Author Taru Karttunen <taruti@taruti.net>
+// This file can be used as both Public Domain or Creative Commons CC0.
+#include <u.h>
+#include <libc.h>
+#include <libsec.h>
+#include <authsrv.h>
+
+typedef struct {
+	uchar Salt[16];
+	uchar Key[32];
+} Slot;
+
+typedef struct {
+	uchar Master[32];
+	Slot Slots[8];
+	AESstate C1, C2;
+} XtsState;
+
+uchar zeros[16] = {0};
+uchar buf[64*1024];
+AESstate cbc;
+XtsState s;
+
+void 
+setupkey(char *pass, uchar salt[16], AESstate *aes)
+{
+	uchar tkey[32];
+
+	pbkdf2_x((uchar*)pass, strlen(pass), salt, 16, 9999, tkey, 32, hmac_sha1, SHA1dlen);
+	setupAESstate(aes, tkey, 16, zeros);
+	memset(tkey, 0, sizeof(tkey));
+}
+
+void
+freepass(char *pass)
+{
+	if(pass != nil){
+		memset(pass, 0, strlen(pass));
+		free(pass);
+	}
+}
+
+void
+cformat(char *files[])
+{
+	char *pass, *tmp;
+	int fd, i, j;
+
+	pass = nil;
+	do {
+		freepass(pass);
+		pass = readcons("Password", nil, 1);
+		if(pass == nil || pass[0] == 0)
+			sysfatal("input aborted");
+		tmp = readcons("Confirm", nil, 1);
+		if(tmp == nil || tmp[0] == 0)
+			sysfatal("input aborted");
+		i = strcmp(pass, tmp);
+		freepass(tmp);
+	} while(i != 0);
+
+	for(;*files != nil; files++) {
+		genrandom((uchar*)&s, sizeof(s));
+		setupkey(pass, s.Slots[0].Salt, &cbc);
+		memcpy(s.Slots[0].Key, s.Master, 32);
+		aesCBCencrypt(s.Slots[0].Key, 32, &cbc);
+
+		genrandom(buf, 16*4096);
+		for(i=0; i<16; i++)
+			for(j=0; j<8; j++) {
+				buf[(4096*i)+(4*j)+1] = s.Slots[j].Salt[i];
+				buf[(4096*i)+(4*j)+2] = s.Slots[j].Key[i];
+				buf[(4096*i)+(4*j)+3] = s.Slots[j].Key[i+16];
+			}
+
+		if((fd = open(*files, OWRITE)) < 0)
+			sysfatal("open disk: %r");
+	
+		/* make the pad for checking crypto */
+		for(i=0; i<8; i++)
+			buf[(64*1024)-8+i] = ~buf[(64*1024)-16+i];
+
+		setupAESstate(&cbc, s.Master, 16, zeros);
+		aes_encrypt(cbc.ekey, cbc.rounds, &buf[(64*1024)-16], &buf[(64*1024)-16]);
+
+		if(write(fd, buf, 64*1024) != 64*1024)
+			sysfatal("writing disk: %r");
+	}
+}
+
+void
+copen(char *files[], int ctl)
+{
+	char *pass, *name;
+	uchar cbuf[16];
+	int fd, i, j;
+
+	pass = nil;
+	for(;*files != nil; files++) {
+		memset(&s, 0, sizeof(s));
+		if((fd = open(*files, OREAD)) < 0)
+			sysfatal("open disk: %r");
+	
+		if(read(fd, buf, 1024*64) != 1024*64) 
+			sysfatal("read disk: %r");
+	
+	retrypass:
+		for(i=0; i<16; i++)
+			for(j=0; j<8; j++) {
+				s.Slots[j].Salt[i] = buf[(4096*i)+(4*j)+1];
+				s.Slots[j].Key[i] = buf[(4096*i)+(4*j)+2];
+				s.Slots[j].Key[i+16] = buf[(4096*i)+(4*j)+3];
+			}
+
+		if(pass == nil){
+			pass = readcons("Password", nil, 1);
+			if(pass == nil || pass[0] == 0)
+				sysfatal("input aborted");
+		}
+
+		setupkey(pass, s.Slots[0].Salt, &cbc);
+		memcpy(s.Master, s.Slots[0].Key, 32);
+		aesCBCdecrypt(s.Master, 32, &cbc);
+		setupAESstate(&cbc, s.Master, 16, zeros);
+
+		memcpy(cbuf, &buf[(64*1024)-16], 16);
+		aes_decrypt(cbc.dkey, cbc.rounds, cbuf, cbuf);
+
+		/* make the pad for checking crypto */
+		for(i=0; i<8; i++)
+			if((cbuf[i] ^ cbuf[i+8]) != 255) {
+				freepass(pass);
+				pass = nil;
+				fprint(2, "wrong key\n");
+				goto retrypass;
+			}
+
+		fd2path(fd, (char*)buf, sizeof(buf));
+		close(fd);
+
+		if((name = strrchr(*files, '/')) != nil)
+			name++;
+		else
+			name = *files;
+
+		if(fprint(ctl, "crypt %q %q %.32H\n", name, (char*)buf, s.Master) < 0)
+			sysfatal("write: %r");
+	}
+}
+
+void 
+usage(void)
+{
+	print("usage:\n"
+		"%s -f files\t\t# Format file or device\n"
+		"%s -o files\t\t# Print commandline for open\n"
+		"%s -i files\t\t# Install (open) files\n",
+		argv0, argv0, argv0);
+	exits("usage");
+}
+
+void
+main(int argc, char *argv[])
+{
+	enum {
+		NoMode,
+		Format,
+		Open,
+		Install,
+	};
+	int mode, ctl;
+
+	quotefmtinstall();
+	fmtinstall('H', encodefmt);
+
+	ctl = 1;
+	mode = NoMode;
+
+	ARGBEGIN {
+	default:
+		usage();
+	case 'f':
+		mode = Format;
+		break;
+	case 'o':
+		mode = Open;
+		break;
+	case 'i':
+		mode = Install;
+		break;
+	} ARGEND;
+
+	if(argc < 0)
+		usage();
+
+	switch(mode){
+	default:
+		usage();
+	case Format:
+		cformat(argv);
+		break;
+	case Install:
+		if((ctl = open("/dev/fs/ctl", OWRITE)) < 0)
+			sysfatal("open ctl: %r");
+		/* no break */
+	case Open:
+		copen(argv, ctl);
+		break;
+	}
+
+	exits(nil);
+}
--- a/sys/src/cmd/disk/mkfile
+++ b/sys/src/cmd/disk/mkfile
@@ -6,6 +6,7 @@
 	mkext\
 	mkfs\
 	partfs\
+	cryptsetup\
 
 DIRS=\
 	9660\
--