[PATCH] hald+LUKS start
W. Michael Petullo
mike at flyn.org
Tue Feb 15 09:38:56 PST 2005
Attached you should find a patch that begins to add LUKS support to
hald. This should eventually provide an easy means to mount encrypted
filesystems. Currently, hald only detects that a disk contains a LUKS
header and sets some relevant parameters.
The next step is to cause hald to issue a request for a passphrase and
mount the real filesystem. I wanted to present the work I have done so
far so that others may provide an azimuth check.
I also have two questions:
1. Can someone give me a quick rundown of the dbus messages emitted
when a new device is added to a system? I would like to look into
modifying gnome-volume-manager so that when a LUKS device is added,
gnome-volume-manager prompts the console user for a password. I assume
that hald uses dbus to tell gnome-volume-manager the properties of a
newly added device (to include the device type -- crypto_LUKS in this
case). Is this correct?
2. What is the status of the interface that David Z. mentioned in his
"notes on making encrypted filesystems "Just Work(tm)": "requires
new features in hald to callout a program specified in e.g. the
/etc/hal/methods.d/Crypto/Setup file"? Is this feature still planned?
I did ask about this before, but am wondering if there is anything new.
Thanks.
--
Mike
:wq
diff -u --recursive --new-file hal-cvs-vanilla/hald/linux2/probing/probe-volume.c hal-cvs/hald/linux2/probing/probe-volume.c
--- hal-cvs-vanilla/hald/linux2/probing/probe-volume.c 2005-02-10 11:03:57.000000000 -0600
+++ hal-cvs/hald/linux2/probing/probe-volume.c 2005-02-15 10:30:56.000000000 -0600
@@ -74,6 +74,9 @@
case VOLUME_ID_RAID:
usage = "raid";
break;
+ case VOLUME_ID_CRYPTO:
+ usage = "crypto";
+ break;
case VOLUME_ID_UNUSED:
libhal_device_set_property_string (ctx, udi, "info.product", "Volume (unused)", &error);
usage = "unused";
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/luks.c hal-cvs/volume_id/luks.c
--- hal-cvs-vanilla/volume_id/luks.c 1969-12-31 18:00:00.000000000 -0600
+++ hal-cvs/volume_id/luks.c 2005-02-15 11:16:14.000000000 -0600
@@ -0,0 +1,113 @@
+/*
+ * volume_id - reads filesystem label and uuid
+ *
+ * Copyright (C) 2005 W. Michael Petullo <mike at flyn.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <netinet/in.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#include <asm/types.h>
+
+#include "volume_id.h"
+#include "util.h"
+#include "logging.h"
+#include "luks.h"
+
+/* FIXME: this contains a lot of copy and pasted code. One alternative
+ * would be to fork/exec cryptsetup isLuks and cryptsetup luksUUID. Another
+ * would be to write a LUKS library */
+
+/* from cryptsetup-luks internal.h */
+#define SECTOR_SHIFT 9
+#define SECTOR_SIZE (1 << SECTOR_SHIFT)
+
+/* from cryptsetup-luks luks.h */
+#define LUKS_CIPHERNAME_L 32
+#define LUKS_CIPHERMODE_L 32
+#define LUKS_HASHSPEC_L 32
+#define LUKS_DIGESTSIZE 20 /* since SHA1 */
+#define LUKS_SALTSIZE 32
+#define LUKS_NUMKEYS 8
+
+/* from cryptsetup-luks luks.h */
+const unsigned char LUKS_MAGIC[] = {'L','U','K','S', 0xba, 0xbe};
+#define LUKS_MAGIC_L 6
+
+/* from cryptsetup-luks luks.h */
+#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)
+
+/* from cryptsetup-luks luks.h */
+#define UUID_STRING_L 40
+
+int volume_id_probe_luks(struct volume_id *id, __u64 off)
+{
+ int i;
+
+ /* from cryptsetup-luks luks.h */
+ struct luks_phdr {
+ char magic[LUKS_MAGIC_L];
+ uint16_t version;
+ char cipherName[LUKS_CIPHERNAME_L];
+ char cipherMode[LUKS_CIPHERMODE_L];
+ char hashSpec[LUKS_HASHSPEC_L];
+ uint32_t payloadOffset;
+ uint32_t keyBytes;
+ char mkDigest[LUKS_DIGESTSIZE];
+ char mkDigestSalt[LUKS_SALTSIZE];
+ uint32_t mkDigestIterations;
+ char uuid[UUID_STRING_L];
+
+ struct {
+ uint32_t active;
+
+ /* parameters used for password processing */
+ uint32_t passwordIterations;
+ char passwordSalt[LUKS_SALTSIZE];
+
+ /* parameters used for AF store/load */
+ uint32_t keyMaterialOffset;
+ uint32_t stripes;
+ } keyblock[LUKS_NUMKEYS];
+ } *header;
+
+ header = (struct luks_phdr*) volume_id_get_buffer(id, off, LUKS_PHDR_SIZE);
+
+ if (header == NULL)
+ return -1;
+
+ if (memcmp(header->magic, LUKS_MAGIC, LUKS_MAGIC_L))
+ return -1;
+
+ volume_id_set_usage(id, VOLUME_ID_CRYPTO);
+ volume_id_set_uuid(id, header->uuid, UUID_DCE);
+ id->type = "crypto_LUKS";
+
+ return 0;
+}
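Review bot: `LUKS_PHDR_SIZE` is copied from cryptsetup where it is a sector count, but it is passed unchanged as the length to `volume_id_get_buffer(id, off, LUKS_PHDR_SIZE)` on L146; if that argument is a byte length, as the other probers' calls suggest (the prototype is not in this patch), the probe asks for 2 bytes and then reads the 6-byte `magic` and the 40-byte `uuid` well beyond what it requested. Since hald runs this as root against whatever media is plugged in, the header must be treated as untrusted input: request `sizeof(struct luks_phdr)` bytes and reject layouts the code does not understand before trusting any field, e.g. `if (ntohs(header->version) != 1) return -1;` (LUKS header integers are big-endian, which is presumably why `<netinet/in.h>` is included yet never used). The on-disk `uuid` is a 40-byte text string, so passing it with `UUID_DCE`, which in this library formats 16 raw bytes as hex, will yield a garbage UUID; `UUID_DCE_STRING` is the text form and also bounds the copy regardless of whether a crafted header NUL-terminates the field. `int i` is unused, and `LUKS_MAGIC` should be `static const` so the library does not export a global symbol.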
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/luks.h hal-cvs/volume_id/luks.h
--- hal-cvs-vanilla/volume_id/luks.h 1969-12-31 18:00:00.000000000 -0600
+++ hal-cvs/volume_id/luks.h 2005-02-14 21:30:31.000000000 -0600
@@ -0,0 +1,26 @@
+/*
+ * volume_id - reads filesystem label and uuid
+ *
+ * Copyright (C) 2004 Kay Sievers <kay.sievers at vrfy.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _VOLUME_ID_EXT_
+#define _VOLUME_ID_EXT_
+
+extern int volume_id_probe_luks(struct volume_id *id, __u64 off);
+
+#endif
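Review bot: The include guard `_VOLUME_ID_EXT_` on L184–L185 looks copied from ext.h together with the 2004 Kay Sievers copyright line, so if a translation unit includes both ext.h and luks.h, whichever comes second is silently dropped and `volume_id_probe_luks` ends up implicitly declared at its call site; use a guard unique to this header, `#ifndef _VOLUME_ID_LUKS_` / `#define _VOLUME_ID_LUKS_`. The prototype also relies on `struct volume_id` and `__u64` already being in scope from an earlier include; adding `struct volume_id;` keeps the header self-contained. The copyright holder should presumably match luks.c.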
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/Makefile.am hal-cvs/volume_id/Makefile.am
--- hal-cvs-vanilla/volume_id/Makefile.am 2005-02-07 15:24:16.000000000 -0600
+++ hal-cvs/volume_id/Makefile.am 2005-02-14 21:29:51.000000000 -0600
@@ -12,6 +12,7 @@
linux_raid.h linux_raid.c \
linux_swap.h linux_swap.c \
lvm.h lvm.c \
+ luks.h luks.c \
mac.h mac.c \
msdos.h msdos.c \
ntfs.h ntfs.c \
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/util.c hal-cvs/volume_id/util.c
--- hal-cvs-vanilla/volume_id/util.c 2005-02-07 15:24:16.000000000 -0600
+++ hal-cvs/volume_id/util.c 2005-02-15 10:30:39.000000000 -0600
@@ -53,6 +53,8 @@
return "raid";
case VOLUME_ID_DISKLABEL:
return "disklabel";
+ case VOLUME_ID_CRYPTO:
+ return "crypto";
case VOLUME_ID_UNPROBED:
return "unprobed";
case VOLUME_ID_UNUSED:
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/volume_id.c hal-cvs/volume_id/volume_id.c
--- hal-cvs-vanilla/volume_id/volume_id.c 2005-02-07 15:24:16.000000000 -0600
+++ hal-cvs/volume_id/volume_id.c 2005-02-15 09:31:48.000000000 -0600
@@ -76,6 +76,10 @@
if (volume_id_probe_highpoint_ataraid(id, off) == 0)
goto exit;
+ /* LUKS encrypted volume */
+ if (volume_id_probe_luks(id, off) == 0)
+ goto exit;
+
/* signature in the first block, only small buffer needed */
if (volume_id_probe_vfat(id, off) == 0)
goto exit;
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/volume_id.h hal-cvs/volume_id/volume_id.h
--- hal-cvs-vanilla/volume_id/volume_id.h 2005-02-07 15:24:16.000000000 -0600
+++ hal-cvs/volume_id/volume_id.h 2005-02-15 10:30:16.000000000 -0600
@@ -38,6 +38,7 @@
VOLUME_ID_PARTITIONTABLE,
VOLUME_ID_RAID,
VOLUME_ID_DISKLABEL,
+ VOLUME_ID_CRYPTO,
};
struct volume_id_partition {