g13: Second chunk of code to support dm-crypt.

* g13/be-dmcrypt.c, g13/be-dmcrypt.h: New. * g13/Makefile.am (g13_SOURCES): Add them. * g13/backend.c: Include be-dmcrypt.h and call-syshelp.h. (no_such_backend): Rename to _no_such_backend and provide replacement macro. (be_is_supported_conttype): Support DM-Crypt. (be_take_lock_for_create): Call set_segvice for DM-Crypt. (be_create_new_keys): Make it a dummy for DM-Crypt. (be_create_container): Call be_dmcrypt_create_container. (be_mount_container): call be_dmcrypt_mount_container. * g13/g13-syshelp.c (main): Enable verbose mode. * g13/g13tuple.c (get_tupledesc_data): New. * g13/g13tuple.h (unref_tupledesc): New. * g13/g13.h (server_control_): Add field "recipients". * g13/g13.c (main): Fix setting of recipients via cmdline. (g13_deinit_default_ctrl): Release recipients list. (g13_request_shutdown): New. Replace all direct update of shutdown_pending by calls this function. * g13/server.c (server_local_s): Remove field recipients which is now part of CTRL. (reset_notify, cmd_recipient, cmd_create): Adjust for this change. * g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob. (g13_create_container): Support DM-Crypt. * g13/mount.c (parse_header): Allow for meta data copies. (g13_mount_container): Support DM-Crypt. * g13/sh-cmd.c (cmd_create): Make it work. (cmd_mount): New. * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work. (sh_dmcrypt_mount_container): New. -- With this patch we can now create an encrypted partition and partly mount it (i.e. setup keys and create the mapped device). We do not yet create a file system or mount that file system Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2016-02-13 16:01:45 +0000
committer: Werner Koch <[email protected]> 2016-02-13 16:06:54 +0000
commit: b0e6ab1109d05fc664f46e17d721fe9b01d38115 (patch)
tree: 70cf20d908523ef099962ee90730fd053082b5cf /g13/sh-cmd.c
parent: g13: Improve dump_keyblob. (diff)
download: gnupg-b0e6ab1109d05fc664f46e17d721fe9b01d38115.tar.gz
gnupg-b0e6ab1109d05fc664f46e17d721fe9b01d38115.zip
1 files changed, 108 insertions, 4 deletions
diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c
index 8a3006cab..6ba4cd8c8 100644
--- a/g13/sh-cmd.c
+++ b/g13/sh-cmd.c
@@ -172,9 +172,15 @@ cmd_device (assuan_context_t ctx, char *line)
   tab_item_t ti;
   estream_t fp = NULL;
 
-  /* strcpy (line, "/dev/sdb1"); /\* FIXME *\/ */
   line = skip_options (line);
 
+/* # warning hardwired to /dev/sdb1 ! */
+/*   if (strcmp (line, "/dev/sdb1")) */
+/*     { */
+/*       err = gpg_error (GPG_ERR_ENOENT); */
+/*       goto leave; */
+/*     } */
+
   /* Always close an open device stream of this session. */
   xfree (ctrl->server_local->devicename);
   ctrl->server_local->devicename = NULL;
@@ -239,9 +245,9 @@ cmd_create (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
   gpg_error_t err = 0;
+  estream_t fp = NULL;
 
   line = skip_options (line);
-
   if (strcmp (line, "dm-crypt"))
     {
       err = set_error (GPG_ERR_INV_ARG, "Type must be \"dm-crypt\"");
@@ -259,23 +265,120 @@ cmd_create (assuan_context_t ctx, char *line)
   err = sh_is_empty_partition (ctrl->server_local->devicename);
   if (err)
     {
+      if (gpg_err_code (err) == GPG_ERR_FALSE)
+        err = gpg_error (GPG_ERR_CONFLICT);
       err = assuan_set_error (ctx, err, "Partition is not empty");
       goto leave;
     }
 
+  /* We need a writeable stream to create the container.  */
+  fp = es_fopen (ctrl->server_local->devicename, "r+b");
+  if (!fp)
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error opening '%s': %s\n",
+                 ctrl->server_local->devicename, gpg_strerror (err));
+      goto leave;
+    }
+  if (es_setvbuf (fp, NULL, _IONBF, 0))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error setting '%s' to _IONBF: %s\n",
+                 ctrl->server_local->devicename, gpg_strerror (err));
+      goto leave;
+    }
+
   err = sh_dmcrypt_create_container (ctrl,
                                      ctrl->server_local->devicename,
-                                     ctrl->server_local->devicefp);
+                                     fp);
+  if (es_fclose (fp))
+    {
+      gpg_error_t err2 = gpg_error_from_syserror ();
+      log_error ("error closing '%s': %s\n",
+                 ctrl->server_local->devicename, gpg_strerror (err2));
+      if (!err)
+        err = err2;
+    }
+  fp = NULL;
 
+ leave:
+  es_fclose (fp);
+  return leave_cmd (ctx, err);
+}
 
 
+static const char hlp_mount[] =
+  "MOUNT <type>\n"
+  "\n"
+  "Mount an encrypted partition on the current device.\n"
+  "<type> must be \"dm-crypt\" for now.";
+static gpg_error_t
+cmd_mount (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+  unsigned char *keyblob = NULL;
+  size_t keybloblen;
+  tupledesc_t tuples = NULL;
+
+  line = skip_options (line);
+
+  if (strcmp (line, "dm-crypt"))
+    {
+      err = set_error (GPG_ERR_INV_ARG, "Type must be \"dm-crypt\"");
+      goto leave;
+    }
+
+  if (!ctrl->server_local->devicename
+      || !ctrl->server_local->devicefp
+      || !ctrl->devti)
+    {
+      err = set_error (GPG_ERR_ENOENT, "No device has been set");
+      goto leave;
+    }
+
+  err = sh_is_empty_partition (ctrl->server_local->devicename);
+  if (!err)
+    {
+      err = gpg_error (GPG_ERR_ENODEV);
+      assuan_set_error (ctx, err, "Partition is empty");
+      goto leave;
+    }
+  err = 0;
+
+  /* We expect that the client already decrypted the keyblob.
+   * Eventually we should move reading of the keyblob to here and ask
+   * the client to decrypt it.  */
+  assuan_begin_confidential (ctx);
+  err = assuan_inquire (ctx, "KEYBLOB",
+                        &keyblob, &keybloblen, 4 * 1024);
+  assuan_end_confidential (ctx);
+  if (err)
+    {
+      log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
+      goto leave;
+    }
+  err = create_tupledesc (&tuples, keyblob, keybloblen);
+  if (!err)
+    keyblob = NULL;
+  else
+    {
+      if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
+        log_error ("unknown keyblob version received\n");
+      goto leave;
+    }
+
+  err = sh_dmcrypt_mount_container (ctrl,
+                                    ctrl->server_local->devicename,
+                                    tuples);
 
  leave:
+  xfree (tuples);
+  destroy_tupledesc (tuples);
   return leave_cmd (ctx, err);
 }
 
 
-
 static const char hlp_getinfo[] =
   "GETINFO <what>\n"
   "\n"
@@ -372,6 +475,7 @@ register_commands (assuan_context_t ctx, int fail_all)
   } table[] =  {
     { "DEVICE",        cmd_device, hlp_device },
     { "CREATE",        cmd_create, hlp_create },
+    { "MOUNT",         cmd_mount,  hlp_mount  },
     { "INPUT",         NULL },
     { "OUTPUT",        NULL },
     { "GETINFO",       cmd_getinfo, hlp_getinfo },
author	Werner Koch <[email protected]>	2016-02-13 16:01:45 +0000
committer	Werner Koch <[email protected]>	2016-02-13 16:06:54 +0000
commit	b0e6ab1109d05fc664f46e17d721fe9b01d38115 (patch)
tree	70cf20d908523ef099962ee90730fd053082b5cf /g13/sh-cmd.c
parent	g13: Improve dump_keyblob. (diff)
download	gnupg-b0e6ab1109d05fc664f46e17d721fe9b01d38115.tar.gz gnupg-b0e6ab1109d05fc664f46e17d721fe9b01d38115.zip