📄 devcfgcommands.c
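/* Tail of a function that begins before this excerpt; only line breaks and indentation are restored. */
                        } else if (0 == xmlStrcmp(action, "decrypt")) {
                            printf("Performing decryption using '%s' as temporary loop device...\n", loop);
                            ret = getBlocksNum(&numblocks, loop);
                            if (-1 == ret) {
                                printf("Could not get device size.\n");
                            } else {
                                ret = ddProgress(loop, src, numblocks);
                                if (-1 == ret) {
                                    printf("Decryption failure.\n");
                                } else {
                                    xmlUnlinkNode(device);
                                    xmlFreeNode(device);
                                    printf("Decryption complete. Device removed from configuration.\n");
                                }
                            }
                        } else
                            printf("Unknown action '%s'.", action);
                    }
                    xmlFree(action);
                    ret = loopaesDetachDevice(loop);
                    if (-1 == ret)
                        printf("Error: Could not detach loop device '%s'.\n", loop);
                }
            }
            free(loop);
        }
    } else
        printf("FIXME: Encryption/decryption in '%s' driver not implemented.\n", driver);
    xmlFree(src);
    return;
}

/*
 * Overwrite a buffer that held key material before it is released.
 * The volatile-qualified pointer keeps the compiler from discarding the
 * stores as dead writes ahead of free() or function return.
 */
static void
wipeKeyMaterial(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len-- > 0)
        *p++ = 0;
}

/*
 * "startcrypto" command: list every device carrying an "action" property,
 * ask for confirmation, then run performCryptoAction() on each of them.
 * The argument is unused. Always returns 1.
 */
int
cStartCrypto(char *arg)
{
    xmlNodePtr *dtab;
    xmlChar *action;
    xmlChar *src;
    xmlChar *driver;
    int i, answer;
    int step = 0;

    (void) arg;
    fillDeviceTab(&dtab);

    /* First pass: show the plan, numbering only devices with a pending action. */
    for (i = 0; NULL != dtab[i]; i++) {
        action = xmlGetProp(dtab[i], "action");
        if (NULL == action)
            continue;
        step++;
        if (1 == step)
            printf("Following steps will be taken:\n");
        src = xmlGetProp(dtab[i], "src");
        driver = (xmlChar *) dtab[i]->name;
        printf("%d. %s %s with %s\n", step, action, src, driver);
        xmlFree(src);
        xmlFree(action);
    }

    if (0 == step) {
        printf("No crypto actions defined.\n");
    } else {
        answer = ynQuestion("\nAre you sure?", 'n');
        if ('y' == answer) {
            /*
             * Second pass: execute. A completed decryption frees the device
             * node (see the "decrypt" branch above), so dtab[i] must not be
             * dereferenced after performCryptoAction() returns.
             */
            for (i = 0; NULL != dtab[i]; i++) {
                action = xmlGetProp(dtab[i], "action");
                if (NULL == action)
                    continue;
                performCryptoAction(dtab[i]);
                xmlFree(action);
            }
            printf("You should save changes to config file by issuing 'save' command.\n");
        }
    }

    free(dtab);
    return 1;
}

/*
 * "help" command: print name, argument synopsis and description of every
 * entry in commands[] up to the NULL-named sentinel. Always returns 1.
 */
int
cHelp(char *arg)
{
    int i;

    (void) arg;
    printf("Possible commands:\n");
    /* "\r\t\t\t" returns to column 0 and tabs out so descriptions line up. */
    for (i = 0; NULL != commands[i].name; i++) {
        printf("\t%s %s\r\t\t\t%s\n",
               commands[i].name, commands[i].args, commands[i].doc);
    }
    return 1;
}

/*
 * "showkey" command: print the key material of device number `arg`.
 * For a "loopaes" device the multikey obtained from loopaesGetMultiKey() is
 * written to stdout as 64 lines of 16 hex-encoded bytes. Always returns 1;
 * exits the process if the key cannot be obtained.
 *
 * The output is plaintext key material: anything that records the terminal
 * (scrollback, session logging, redirection) keeps a copy of it.
 */
int
cShowkey(char *arg)
{
    const int keyCount = 64;      /* subkeys in a loopaes multikey */
    const int keyBytes = 128 / 8; /* bytes per 128-bit subkey */
    unsigned long di;
    int ret;
    int i, j;
    xmlChar *src;
    xmlNodePtr *dtab;
    xmlNodePtr device;
    xmlChar *driverName;
    u_int8_t *laDMultiKey;

    if (NULL == arg) {
        printf("Device number as argument required.\n");
        return 1;
    }
    if (-1 == str2num(&di, arg)) {
        printf("Bad index '%s'.\n", arg);
        return 1;
    }

    fillDeviceTab(&dtab);
    ret = getNode(&device, dtab, di);
    if (-1 == ret) {
        printf("No such device.\n");
        free(dtab);
        return 1;
    }

    driverName = (xmlChar *) device->name;
    if (0 == xmlStrcmp(driverName, "loopaes")) {
        /* Get encrypted key */
        ret = loopaesGetMultiKey(&laDMultiKey, device);
        if (ret == -1) {
            fprintf(stderr, "Internal error.\n");
            exit(1);
        }

        /* Print decrypted key */
        src = xmlGetProp(device, "src");
        printf("Key material for device '%s' (loopaes multikey):\n\n", src);
        xmlFree(src);
        for (i = 0; i < keyCount; i++) {
            printf("\t");
            for (j = 0; j < keyBytes; j++)
                printf("%.2x", laDMultiKey[j + (i * keyBytes)]);
            printf("\n");
        }

        /* Clear the bytes that were just read before returning them to the heap. */
        wipeKeyMaterial(laDMultiKey, (size_t) keyCount * (size_t) keyBytes);
        free(laDMultiKey);
    } else if (0 == xmlStrcmp(driverName, "plainloop")) {
        src = xmlGetProp(device, "src");
        printf("Device '%s' uses %s driver, which does not need a key.\n", src, driverName);
        xmlFree(src);
    } else {
        printf("FIXME: %s driver key printing not implemented.\n", driverName);
    }

    free(dtab);
    return 1;
}

/*
 * "decrypt" command: mark device number `arg` for decryption.
 * A device that is only marked "encrypt" has never been encrypted according
 * to the configuration, so after confirmation its entry is removed instead
 * (together with the key material stored under it). Always returns 1.
 */
int
cDecrypt(char *arg)
{
    unsigned long di;
    xmlChar *src;
    xmlNodePtr *dtab;
    xmlNodePtr device;
    xmlChar *oldAction;
    char answer;

    if (NULL == arg) {
        printf("Device number as argument required.\n");
        return 1;
    }
    if (-1 == str2num(&di, arg)) {
        printf("Bad index '%s'.\n", arg);
        return 1;
    }

    fillDeviceTab(&dtab);
    if (-1 == getNode(&device, dtab, di)) {
        printf("No such device.\n");
        free(dtab);
        return 1;
    }

    /* src is xmlFree()d separately below, so it is still printable after the node is freed. */
    src = xmlGetProp(device, "src");
    oldAction = xmlGetProp(device, "action");
    if (NULL == oldAction) {
        xmlSetProp(device, "action", "decrypt");
        printf("Device '%s' marked for decryption.\n", src);
        printf("To start decryption process type 'startcrypto'.\n");
    } else if (0 == xmlStrcmp(oldAction, "encrypt")) {
        printf("According to configuration device '%s' is not encrypted (only marked for encryption). Insted of decryption, its entry will be removed.\n", src);
        printf("It means the key material associated with this device will be removed also.\n");
        answer = ynQuestion("Are you sure?", 'n');
        if ('y' == answer) {
            xmlUnlinkNode(device);
            xmlFreeNode(device);
            printf("Device '%s' removed from configuration.\n", src);
        }
    } else {
        printf("Device '%s' is already marked for decryption.\n", src);
    }
    xmlFree(src);
    xmlFree(oldAction);

    free(dtab);
    return 1;
}

/*
 * Add a <loopaes> device entry to the "devices" node of the configuration
 * document `ctab`, storing the multikey `dkey` (64 subkeys of 128 bits)
 * encrypted under the key in `authdata`.
 *
 * src, dst, action: values for the entry's properties of the same names.
 * Returns 1 on success, -1 on failure (key setup, allocation, hex
 * conversion, missing "devices" node, or node creation).
 */
int
addLoopaesDevice(char *src, char *dst, u_int8_t *dkey, char *action)
{
    const int keyCount = 64;      /* subkeys in a loopaes multikey */
    const int keyBytes = 128 / 8; /* bytes per 128-bit subkey */
    AES_KEY ik;
    int i;
    int rc = -1;
    u_int8_t *ekey = NULL;
    char *ekeyText = NULL;
    xmlNodePtr cur;
    xmlNodePtr devicesNode = NULL;
    xmlNodePtr device;

    /* Encrypt multikey using masterKey; a failed key setup must not be used. */
    if (0 != AES_set_encrypt_key(authdata, 128, &ik))
        goto out;

    ekey = malloc((size_t) keyCount * (size_t) keyBytes);
    if (NULL == ekey)
        goto out;

    /*
     * Each subkey is encrypted on its own in ECB mode. That conceals the
     * subkeys as long as they are uniformly random, but it provides no
     * integrity: altered or reordered blocks in the stored hex text are not
     * detected when the entry is read back.
     * NOTE(review): an authenticated key wrap would close that gap, but it
     * changes the stored format, so it is not done here.
     */
    for (i = 0; i < keyCount; i++) {
        AES_ecb_encrypt(dkey + (i * keyBytes), ekey + (i * keyBytes),
                        &ik, AES_ENCRYPT);
    }

    /* Convert encrypted key to hex text; ekeyText stays NULL if nothing was produced. */
    byte2hex(&ekeyText, ekey, keyCount * keyBytes);
    if (NULL == ekeyText)
        goto out;

    /* Find devices node */
    cur = xmlDocGetRootElement(ctab);
    if (NULL == cur)
        goto out;
    for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
        if (0 == xmlStrcmp(cur->name, "devices")) {
            devicesNode = cur;
            break;
        }
    }
    if (NULL == devicesNode)
        goto out; /* previously an uninitialized pointer was used here */

    /* Create device node */
    device = xmlNewTextChild(devicesNode, NULL, "loopaes", NULL);
    if (NULL == device)
        goto out;

    /* Create and fill properties of device node */
    xmlSetProp(device, "src", src);
    xmlSetProp(device, "dst", dst);
    xmlSetProp(device, "action", action);

    /* Create and fill multikey node; do not leave behind an entry without its key. */
    if (NULL == xmlNewTextChild(device, NULL, "multikey128", ekeyText)) {
        xmlUnlinkNode(device);
        xmlFreeNode(device);
        goto out;
    }

    rc = 1;

out:
    free(ekeyText);
    free(ekey);
    /* The expanded key schedule is derived from the master key. */
    wipeKeyMaterial(&ik, sizeof ik);
    return rc;
}

/*
 * Interactive creation of a new loopaes device entry: read source and
 * target device names, generate a random multikey with RAND_bytes() and
 * register the device with action "encrypt" through addLoopaesDevice().
 * Exits the process if the key cannot be allocated or generated.
 */
void
encryptionWizard(void)
{
    const int keyLen = 64 * 128 / 8; /* 64 subkeys of 128 bits */
    char *src;
    char *dst;
    char *rawSrc;
    char *rawDst;
    char answer;
    u_int8_t *key;
    int ret;

    printf("Please specify new device parameters.\n");
    printf("Driver: loopaes\n"); /* FIXME: FUTURE: give choice */
    rawSrc = readline("Source device: ");
    rawDst = readline("Target device: ");
    if (NULL == rawSrc || NULL == rawDst) {
        /* readline() returns NULL at end of input; trim() must not be handed that. */
        printf("No device given.\n");
        free(rawSrc);
        free(rawDst);
        return;
    }

    answer = ynQuestion("Do you want to manually enter the key?", 'n');
    if ('y' == answer) {
        printf("FIXME: Sorry, this function is not yet implemented.\n");
    }
    /* Manual entry is not implemented, so a random key is generated in both cases. */
    printf("Generating key... ");
    key = malloc((size_t) keyLen);
    if (NULL == key) {
        printf("Memory allocation error.\n");
        exit(1);
    }
    /*
     * RAND_bytes() returns 1 only on success; it can also return -1, not
     * just 0. Testing for 0 alone would accept -1 and use the uninitialized
     * buffer as the device key.
     */
    ret = RAND_bytes(key, keyLen);
    if (1 != ret) {
        printf("RAND_bytes: %lu\n", ERR_get_error());
        exit(1);
    }
    printf("done.\n");

    src = trim(rawSrc);
    dst = trim(rawDst);
    ret = addLoopaesDevice(src, dst, key, "encrypt");

    /* The plaintext multikey is no longer needed once it has been wrapped. */
    wipeKeyMaterial(key, (size_t) keyLen);
    free(key);

    if (-1 == ret) {
        printf("Could not add device '%s' to cryptotab.\n", src);
    } else {
        printf("Device '%s' added to cryptotab.\n", src);
        printf("You should save changes issuing 'save', then start encryption process\nby issuing 'startcrypto'.\n");
    }

    free(rawSrc);
    free(rawDst);
    return;
}

/*
 * "encrypt" command. Without an argument the encryption wizard adds a new
 * device. With a device number it marks that device for encryption, asking
 * for confirmation when the entry has no pending action (the configuration
 * then says it is already encrypted), or clears a pending "decrypt" mark.
 * Always returns 1.
 */
int
cEncrypt(char *arg)
{
    unsigned long di;
    xmlChar *src;
    xmlNodePtr *dtab;
    xmlNodePtr device;
    xmlChar *oldAction;
    char answer;

    fillDeviceTab(&dtab);

    if (NULL == arg) {
        encryptionWizard();
        free(dtab);
        return 1;
    }

    if (-1 == str2num(&di, arg)) {
        printf("Bad index '%s'.\n", arg);
        free(dtab); /* this early return used to leak the device table */
        return 1;
    }

    if (-1 == getNode(&device, dtab, di)) {
        printf("No such device.\n");
    } else {
        src = xmlGetProp(device, "src");
        oldAction = xmlGetProp(device, "action");
        if (NULL == oldAction) {
            printf("According to configuration file, device '%s' is already encrypted.\n", src);
            printf("Warning: Double encryption could destroy data on device.\n");
            answer = ynQuestion("Are you sure?", 'n');
            if ('y' == answer) {
                xmlSetProp(device, "action", "encrypt");
                printf("Device '%s' marked for encryption.\n", src);
                printf("To start encryption process type 'startcrypto'.\n");
            }
        } else if (0 == xmlStrcmp(oldAction, "decrypt")) {
            xmlUnsetProp(device, "action");
            printf("'decrypt' mark removed from device '%s'.\n", src);
        } else {
            printf("Device '%s' is already marked for encryption.\n", src);
        }
        xmlFree(src);
        xmlFree(oldAction);
    }

    free(dtab);
    return 1;
}

/*
 * "save" command: after confirmation, write the configuration document
 * `ctab` to `arg`, or to CONFIG_FILE when no argument is given.
 * Always returns 1.
 *
 * NOTE(review): the document contains the wrapped device keys; nothing here
 * sets the mode of the written file, so it presumably follows the process
 * umask. Confirm that the file ends up readable by its owner only.
 */
int
cSave(char *arg)
{
    int ret;
    char *file = (NULL != arg) ? arg : CONFIG_FILE;
    char answer;

    printf("Configuration will be written to '%s'.\n", file);
    answer = ynQuestion("Are you sure?", 'n');
    if (answer == 'y') {
        ret = xmlSaveFormatFile(file, ctab, 1);
        if (-1 == ret)
            printf("Writing configuration to file '%s' failed.\n", file);
        else
            printf("Configuration saved to '%s'\n", file);
    }
    return 1;
}

/*
 * "quit" command: returns -1, the only command handler here that does not
 * return 1.
 */
int
cQuit(char *arg)
{
    (void) arg;
    return -1;
}

/*
 * Command table: name, handler, description, argument synopsis.
 * Terminated by an entry whose name is NULL (cHelp() stops there).
 */
Command commands[] =
{
    {"list", cList, "List devices", ""},
    {"encrypt", cEncrypt, "Add new device and encrypt it, or mark n for encryption", "[n]"},
    {"decrypt", cDecrypt, "Mark device n for decryption", "n"},
    {"showkey", cShowkey, "Show encryption key for device n", "n"},
    {"startcrypto", cStartCrypto, "Start encryption/decryption of selected devices", ""},
    {"save", cSave, "Save changes to configuration file", "[file]"},
    {"help", cHelp, "Display help", ""},
    {"quit", cQuit, "Quit program", ""},
    {(char *) NULL, (rl_icpfunc_t *) NULL, (char *) NULL, (char *) NULL}
};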