From 7b8607991f9e898f6b737955ad951bb322b987dc Mon Sep 17 00:00:00 2001 From: Seok Hong Date: Thu, 17 Nov 2016 13:50:04 +0900 Subject: [PATCH] Fix wrong initialization of DMCryptEngine Change-Id: I12c9b2f299807d92e19e4b49cd4f356ab63dca28 Signed-off-by: Seok Hong --- server/engine/dmcrypt-engine.cpp | 74 ++++++++++++++------------------ server/engine/dmcrypt-engine.h | 17 ++++++++ tests/dmcrypt-engine.cpp | 20 +++++---- 3 files changed, 62 insertions(+), 49 deletions(-) diff --git a/server/engine/dmcrypt-engine.cpp b/server/engine/dmcrypt-engine.cpp index fe1a751..419e6c2 100644 --- a/server/engine/dmcrypt-engine.cpp +++ b/server/engine/dmcrypt-engine.cpp @@ -28,44 +28,36 @@ namespace ode { -class BlkDevCryptInfo { -public: - void init(const std::string &src, const std::string &crypto_name) - { - crypto_type_name = crypto_name; - fs_size = getBlkdevSize(src); - } +void CryptInfo::init(const std::string &src, const std::string &crypto_name) +{ + crypto_type_name = crypto_name; + fs_size = getBlkdevSize(src); +} - long getFileSystemSize() - { - return fs_size; - } +long CryptInfo::getFileSystemSize() +{ + return fs_size; +} - std::string getCryptoTypeName() const - { - return crypto_type_name; - } +std::string CryptInfo::getCryptoTypeName() const +{ + return crypto_type_name; +} -private: - long getBlkdevSize(const std::string &src) - { - int fd = open(src.c_str(), O_RDONLY); - if (fd < 0) - return 0; +long CryptInfo::getBlkdevSize(const std::string &src) +{ + int fd = open(src.c_str(), O_RDONLY); + if (fd < 0) + return 0; - long fs_size = 0; - if ((ioctl(fd, BLKGETSIZE, &fs_size)) == -1) - fs_size = 0; - close(fd); + long fs_size = 0; + if ((ioctl(fd, BLKGETSIZE, &fs_size)) == -1) + fs_size = 0; + close(fd); - return fs_size; - } + return fs_size; +} -private: - // TODO(seok85.hong): support fast-encryption - long fs_size; - std::string crypto_type_name; -} real_blkdev_crypto_info; static void convertKeyToHexASCII(const DMCryptEngine::data &key, DMCryptEngine::data &key_ascii) @@ -90,7 +82,7 @@ DMCryptEngine::DMCryptEngine(const std::string &src, const std::string &dest) : source(src), destination(dest) { // 1. Get Real Block device(src)'s infomation - real_blkdev_crypto_info.init(src, "aes-cbc-essiv:sha256"); + cryptInfo.init(src, "aes-cbc-essiv:sha256"); } DMCryptEngine::~DMCryptEngine() @@ -115,7 +107,7 @@ static void ioctlInit(struct dm_ioctl *io, size_t dataSize, const char *name, un #define DM_CRYPT_BUF_SIZE 4096 #define DM_LABEL "userdata" -static const std::string createCryptoBlkDev(const std::string &real_blkdev, const std::string &mount_name, const DMCryptEngine::data &key) +static const std::string createCryptoBlkDev(const std::string &real_blkdev, const std::string &mount_name, const DMCryptEngine::data &key, long fileSystemSize, std::string cryptoTypeName) { int fd = -1; @@ -179,7 +171,7 @@ static const std::string createCryptoBlkDev(const std::string &real_blkdev, cons dm_io->target_count = 1; dm_ts->status = 0; dm_ts->sector_start = 0; - dm_ts->length = real_blkdev_crypto_info.getFileSystemSize(); + dm_ts->length = fileSystemSize; strcpy(dm_ts->target_type, "crypt"); // Prepare crypt_params @@ -195,7 +187,7 @@ static const std::string createCryptoBlkDev(const std::string &real_blkdev, cons ode::convertKeyToHexASCII(key, key_ascii); // Store crypt_params - sprintf(crypt_params, "%s %s 0 %s 0", real_blkdev_crypto_info.getCryptoTypeName().c_str(), key_ascii.data(), real_blkdev.c_str()); + sprintf(crypt_params, "%s %s 0 %s 0", cryptoTypeName.c_str(), key_ascii.data(), real_blkdev.c_str()); crypt_params += strlen(crypt_params) + 1; // Align to an 8 byte boundary @@ -263,7 +255,7 @@ void DMCryptEngine::mount(const DMCryptEngine::data &key) DMCryptEngine::data sanitized_key = sanitizeKey(key); // create crypto type device mapping layer to mount the encrypted partition. - const std::string crypto_blkdev = createCryptoBlkDev(source, DM_LABEL, sanitized_key); + const std::string crypto_blkdev = createCryptoBlkDev(source, DM_LABEL, sanitized_key, cryptInfo.getFileSystemSize(), cryptInfo.getCryptoTypeName()); if (::mount(crypto_blkdev.c_str(), destination.c_str(), "ext4", 0, 0) < 0) throw runtime::Exception(runtime::GetSystemErrorMessage()); @@ -307,10 +299,10 @@ void DMCryptEngine::encrypt(const DMCryptEngine::data &key) // create crypto type device mapping layer to mount the plain partition // should be encrypted here. - const std::string crypto_blkdev = createCryptoBlkDev(source, DM_LABEL, sanitized_key); + const std::string crypto_blkdev = createCryptoBlkDev(source, DM_LABEL, sanitized_key, cryptInfo.getFileSystemSize(), cryptInfo.getCryptoTypeName()); // We always do In-place encryption - encryptInPlace(crypto_blkdev, source, real_blkdev_crypto_info.getFileSystemSize()); + encryptInPlace(crypto_blkdev, source, cryptInfo.getFileSystemSize()); // remove crypto type device mapper destroyCryptoBlkDev(DM_LABEL); @@ -322,10 +314,10 @@ void DMCryptEngine::decrypt(const DMCryptEngine::data &key) // create crypto type device mapping layer to mount the plain partition // should be encrypted here. - const std::string crypto_blkdev = createCryptoBlkDev(source, DM_LABEL, sanitized_key); + const std::string crypto_blkdev = createCryptoBlkDev(source, DM_LABEL, sanitized_key, cryptInfo.getFileSystemSize(), cryptInfo.getCryptoTypeName()); // We always do In-place encryption - encryptInPlace(source, crypto_blkdev, real_blkdev_crypto_info.getFileSystemSize()); + encryptInPlace(source, crypto_blkdev, cryptInfo.getFileSystemSize()); // remove crypto type device mapper destroyCryptoBlkDev(DM_LABEL); diff --git a/server/engine/dmcrypt-engine.h b/server/engine/dmcrypt-engine.h index 6348ff9..4a9c35b 100644 --- a/server/engine/dmcrypt-engine.h +++ b/server/engine/dmcrypt-engine.h @@ -22,6 +22,22 @@ namespace ode { +class CryptInfo { +public: + void init(const std::string &src, const std::string &crypto_name); + long getFileSystemSize(); + std::string getCryptoTypeName() const; + +private: + long getBlkdevSize(const std::string &src); + +private: + // TODO(seok85.hong): support fast-encryption + long fs_size; + std::string crypto_type_name; +}; + + class DMCryptEngine final { public: DMCryptEngine(const std::string &src, const std::string &dest); @@ -52,6 +68,7 @@ public: private: std::string source, destination; + CryptInfo cryptInfo; }; } // namespace ode diff --git a/tests/dmcrypt-engine.cpp b/tests/dmcrypt-engine.cpp index aaffbc0..082207b 100644 --- a/tests/dmcrypt-engine.cpp +++ b/tests/dmcrypt-engine.cpp @@ -40,6 +40,8 @@ static std::string test_real_rawfile; // i.e. "/tmp/fileXXXXXX" static std::string test_real_blkdev; // i.e. "/dev/loop0" static std::string test_real_mntpoint; +// ode::DMCryptEngine gvTest("/dev/mmcblk0p25", "/opt/usr"); + } //////////////////////////////////////////////////////////////////////////////////////// @@ -161,13 +163,14 @@ TESTCASE(DMCryptBlkDevCryptInfoWithDummyFile) try { const std::string test_crypto_type_name = "test-crypto-type-name"; - ode::real_blkdev_crypto_info.init(test_real_blkdev, test_crypto_type_name); - if (test_crypto_type_name.compare(ode::real_blkdev_crypto_info.getCryptoTypeName())) + ode::CryptInfo cryptInfo; + cryptInfo.init(test_real_blkdev, test_crypto_type_name); + if (test_crypto_type_name.compare(cryptInfo.getCryptoTypeName())) TEST_FAIL("CryptoTypeName doesn't match"); // we espect the sector size (20480) with our temporary created file long test_fs_size = 20480; - if (test_fs_size != ode::real_blkdev_crypto_info.getFileSystemSize()) + if (test_fs_size != cryptInfo.getFileSystemSize()) TEST_FAIL("FileSystemSize doesn't match"); // } catch (runtime::Exception &e) { @@ -178,10 +181,11 @@ TESTCASE(DMCryptBlkDevCryptInfoWithDummyFile) TESTCASE(DMCryptCreateRemoveCryptoBlkDevWithTempkey) { try { - ode::real_blkdev_crypto_info.init(test_real_blkdev, "aes-cbc-essiv:sha256"); + ode::CryptInfo cryptInfo; + cryptInfo.init(test_real_blkdev, "aes-cbc-essiv:sha256"); const std::string keystring = "01020304050607080910111213141516"; const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end()); - const std::string crypto_blkdev = ode::createCryptoBlkDev(test_real_blkdev, "testdata", key32bit); + const std::string crypto_blkdev = ode::createCryptoBlkDev(test_real_blkdev, "testdata", key32bit, cryptInfo.getFileSystemSize(), cryptInfo.getCryptoTypeName()); // check crypto device status using cryptsetup { FILE *fp = popen("cryptsetup status testdata", "r"); @@ -332,7 +336,7 @@ TESTCASE(DMCryptGetPathTest) TESTCASE(DMCryptEncryptAndDecrypt) { try { - ode::real_blkdev_crypto_info.init(test_real_blkdev, "aes-cbc-essiv:sha256"); + // ode::cryptInfo.init(test_real_blkdev, "aes-cbc-essiv:sha256"); const std::string keystring = "01020304050607080910111213141516"; const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end()); @@ -375,7 +379,7 @@ TESTCASE(DMCryptEncryptAndDecrypt) TESTCASE(DMCryptEncryptMountUnmountDecrypt) { try { - ode::real_blkdev_crypto_info.init(test_real_blkdev, "aes-cbc-essiv:sha256"); + // ode::cryptInfo.init(test_real_blkdev, "aes-cbc-essiv:sha256"); const std::string keystring = "01020304050607080910111213141516"; const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end()); @@ -427,7 +431,7 @@ TESTCASE(DMCryptEncryptMountUnmountDecrypt) TESTCASE(DMCryptEncryptButDecryptWithWrongKey) { try { - ode::real_blkdev_crypto_info.init(test_real_blkdev, "aes-cbc-essiv:sha256"); + // ode::cryptInfo.init(test_real_blkdev, "aes-cbc-essiv:sha256"); const std::string keystring = "01020304050607080910111213141516"; const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end()); const std::string wrongkeystring = "SIZE_IS_SAME_BUT_WRONG_DECKEY___"; -- 2.34.1