diff options
Diffstat (limited to 'Core/Unix/Linux')
-rw-r--r-- | Core/Unix/Linux/CoreLinux.cpp | 477 | ||||
-rw-r--r-- | Core/Unix/Linux/CoreLinux.h | 39 | ||||
-rw-r--r-- | Core/Unix/Linux/System.h | 12 |
3 files changed, 528 insertions, 0 deletions
diff --git a/Core/Unix/Linux/CoreLinux.cpp b/Core/Unix/Linux/CoreLinux.cpp new file mode 100644 index 0000000..634a3a2 --- /dev/null +++ b/Core/Unix/Linux/CoreLinux.cpp @@ -0,0 +1,477 @@ +/* + Copyright (c) 2008-2010 TrueCrypt Developers Association. All rights reserved. + + Governed by the TrueCrypt License 3.0 the full text of which is contained in + the file License.txt included in TrueCrypt binary and source code distribution + packages. +*/ + +#include <fstream> +#include <iomanip> +#include <mntent.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include "CoreLinux.h" +#include "Platform/SystemInfo.h" +#include "Platform/TextReader.h" +#include "Volume/EncryptionModeLRW.h" +#include "Volume/EncryptionModeXTS.h" +#include "Driver/Fuse/FuseService.h" +#include "Core/Unix/CoreServiceProxy.h" + +namespace TrueCrypt +{ + CoreLinux::CoreLinux () + { + } + + CoreLinux::~CoreLinux () + { + } + + DevicePath CoreLinux::AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const + { + list <string> loopPaths; + loopPaths.push_back ("/dev/loop"); + loopPaths.push_back ("/dev/loop/"); + loopPaths.push_back ("/dev/.static/dev/loop"); + + for (int devIndex = 0; devIndex < 256; devIndex++) + { + string loopDev; + foreach (const string &loopPath, loopPaths) + { + loopDev = loopPath + StringConverter::ToSingle (devIndex); + if (FilesystemPath (loopDev).IsBlockDevice()) + break; + } + + if (loopDev.empty()) + continue; + + list <string> args; + + list <string>::iterator readOnlyArg; + if (readOnly) + { + args.push_back ("-r"); + readOnlyArg = --args.end(); + } + + args.push_back ("--"); + args.push_back (loopDev); + args.push_back (filePath); + + try + { + Process::Execute ("losetup", args); + return loopDev; + } + catch (ExecutedProcessFailed&) + { + if (readOnly) + { + try + { + args.erase (readOnlyArg); + Process::Execute ("losetup", args); + return loopDev; + } + catch (ExecutedProcessFailed&) { } + } + } + } + + throw LoopDeviceSetupFailed (SRC_POS, wstring (filePath)); + } + + void CoreLinux::DetachLoopDevice (const DevicePath &devicePath) const + { + list <string> args; + args.push_back ("-d"); + args.push_back (devicePath); + + for (int t = 0; true; t++) + { + try + { + Process::Execute ("losetup", args); + break; + } + catch (ExecutedProcessFailed&) + { + if (t > 5) + throw; + Thread::Sleep (200); + } + } + } + + void CoreLinux::DismountNativeVolume (shared_ptr <VolumeInfo> mountedVolume) const + { + string devPath = mountedVolume->VirtualDevice; + + if (devPath.find ("/dev/mapper/truecrypt") != 0) + throw NotApplicable (SRC_POS); + + size_t devCount = 0; + while (FilesystemPath (devPath).IsBlockDevice()) + { + list <string> dmsetupArgs; + dmsetupArgs.push_back ("remove"); + dmsetupArgs.push_back (StringConverter::Split (devPath, "/").back()); + + for (int t = 0; true; t++) + { + try + { + Process::Execute ("dmsetup", dmsetupArgs); + break; + } + catch (...) + { + if (t > 20) + throw; + + Thread::Sleep (100); + } + } + + for (int t = 0; FilesystemPath (devPath).IsBlockDevice() && t < 20; t++) + { + Thread::Sleep (100); + } + + devPath = string (mountedVolume->VirtualDevice) + "_" + StringConverter::ToSingle (devCount++); + } + } + + HostDeviceList CoreLinux::GetHostDevices (bool pathListOnly) const + { + HostDeviceList devices; + TextReader tr ("/proc/partitions"); + + string line; + while (tr.ReadLine (line)) + { + vector <string> fields = StringConverter::Split (line); + + if (fields.size() != 4 + || fields[3].find ("loop") == 0 // skip loop devices + || fields[3].find ("cloop") == 0 + || fields[3].find ("ram") == 0 // skip RAM devices + || fields[3].find ("dm-") == 0 // skip device mapper devices + || fields[2] == "1" // skip extended partitions + ) + continue; + + try + { + StringConverter::ToUInt32 (fields[0]); + } + catch (...) + { + continue; + } + + try + { + make_shared_auto (HostDevice, hostDevice); + + hostDevice->Path = string (fields[3].find ("/dev/") == string::npos ? "/dev/" : "") + fields[3]; + + if (!pathListOnly) + { + hostDevice->Size = StringConverter::ToUInt64 (fields[2]) * 1024; + hostDevice->MountPoint = GetDeviceMountPoint (hostDevice->Path); + hostDevice->SystemNumber = 0; + } + + try + { + StringConverter::GetTrailingNumber (fields[3]); + if (devices.size() > 0) + { + HostDevice &prevDev = **--devices.end(); + if (string (hostDevice->Path).find (prevDev.Path) == 0) + { + prevDev.Partitions.push_back (hostDevice); + continue; + } + } + } + catch (...) { } + + devices.push_back (hostDevice); + continue; + } + catch (...) + { + continue; + } + } + + return devices; + } + + MountedFilesystemList CoreLinux::GetMountedFilesystems (const DevicePath &devicePath, const DirectoryPath &mountPoint) const + { + MountedFilesystemList mountedFilesystems; + DevicePath realDevicePath = devicePath; + + if (!devicePath.IsEmpty()) + { + char *resolvedPath = realpath (string (devicePath).c_str(), NULL); + if (resolvedPath) + { + realDevicePath = resolvedPath; + free (resolvedPath); + } + } + + FILE *mtab = fopen ("/etc/mtab", "r"); + + if (!mtab) + mtab = fopen ("/proc/mounts", "r"); + + throw_sys_sub_if (!mtab, "/proc/mounts"); + finally_do_arg (FILE *, mtab, { fclose (finally_arg); }); + + static Mutex mutex; + ScopeLock sl (mutex); + + struct mntent *entry; + while ((entry = getmntent (mtab)) != nullptr) + { + make_shared_auto (MountedFilesystem, mf); + + if (entry->mnt_fsname) + mf->Device = DevicePath (entry->mnt_fsname); + else + continue; + + if (entry->mnt_dir) + mf->MountPoint = DirectoryPath (entry->mnt_dir); + + if (entry->mnt_type) + mf->Type = entry->mnt_type; + + if ((devicePath.IsEmpty() || devicePath == mf->Device || realDevicePath == mf->Device) && (mountPoint.IsEmpty() || mountPoint == mf->MountPoint)) + mountedFilesystems.push_back (mf); + } + + return mountedFilesystems; + } + + void CoreLinux::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const + { + bool fsMounted = false; + + try + { + if (!FilesystemSupportsUnixPermissions (devicePath)) + { + stringstream userMountOptions; + userMountOptions << "uid=" << GetRealUserId() << ",gid=" << GetRealGroupId() << ",umask=077" << (!systemMountOptions.empty() ? "," : ""); + + CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, userMountOptions.str() + systemMountOptions); + fsMounted = true; + } + } + catch (...) { } + + if (!fsMounted) + CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, systemMountOptions); + } + + void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const + { + bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS)); + bool lrw = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeLRW)); + + if (options.NoKernelCrypto + || (!xts && (!lrw || volume->GetEncryptionAlgorithm()->GetCiphers().size() > 1 || volume->GetEncryptionAlgorithm()->GetMinBlockSize() != 16)) + || volume->GetProtectionType() == VolumeProtection::HiddenVolumeReadOnly) + { + throw NotApplicable (SRC_POS); + } + + if (!SystemInfo::IsVersionAtLeast (2, 6, xts ? 24 : 20)) + throw NotApplicable (SRC_POS); + + // Load device mapper kernel module + list <string> execArgs; + foreach (const string &dmModule, StringConverter::Split ("dm_mod dm-mod dm")) + { + execArgs.clear(); + execArgs.push_back (dmModule); + + try + { + Process::Execute ("modprobe", execArgs); + break; + } + catch (...) { } + } + + bool loopDevAttached = false; + bool nativeDevCreated = false; + bool filesystemMounted = false; + + // Attach volume to loopback device if required + VolumePath volumePath = volume->GetPath(); + if (!volumePath.IsDevice()) + { + volumePath = AttachFileToLoopDevice (volumePath, options.Protection == VolumeProtection::ReadOnly); + loopDevAttached = true; + } + + string nativeDevPath; + + try + { + // Create virtual device using device mapper + size_t nativeDevCount = 0; + size_t secondaryKeyOffset = volume->GetEncryptionMode()->GetKey().Size(); + size_t cipherCount = volume->GetEncryptionAlgorithm()->GetCiphers().size(); + + foreach_reverse_ref (const Cipher &cipher, volume->GetEncryptionAlgorithm()->GetCiphers()) + { + stringstream dmCreateArgs; + dmCreateArgs << "0 " << volume->GetSize() / ENCRYPTION_DATA_UNIT_SIZE << " crypt "; + + // Mode + dmCreateArgs << StringConverter::ToLower (StringConverter::ToSingle (cipher.GetName())) << (xts ? (SystemInfo::IsVersionAtLeast (2, 6, 33) ? "-xts-plain64 " : "-xts-plain ") : "-lrw-benbi "); + + size_t keyArgOffset = dmCreateArgs.str().size(); + dmCreateArgs << setw (cipher.GetKeySize() * (xts ? 4 : 2) + (xts ? 0 : 16 * 2)) << 0 << setw (0); + + // Sector and data unit offset + uint64 startSector = volume->GetLayout()->GetDataOffset (volume->GetHostSize()) / ENCRYPTION_DATA_UNIT_SIZE; + + dmCreateArgs << ' ' << (xts ? startSector + volume->GetEncryptionMode()->GetSectorOffset() : 0) << ' '; + if (nativeDevCount == 0) + dmCreateArgs << string (volumePath) << ' ' << startSector; + else + dmCreateArgs << nativeDevPath << " 0"; + + SecureBuffer dmCreateArgsBuf (dmCreateArgs.str().size()); + dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((byte *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size())); + + // Keys + const SecureBuffer &cipherKey = cipher.GetKey(); + secondaryKeyOffset -= cipherKey.Size(); + ConstBufferPtr secondaryKey = volume->GetEncryptionMode()->GetKey().GetRange (xts ? secondaryKeyOffset : 0, xts ? cipherKey.Size() : 16); + + SecureBuffer hexStr (3); + for (size_t i = 0; i < cipherKey.Size(); ++i) + { + sprintf ((char *) hexStr.Ptr(), "%02x", (int) cipherKey[i]); + dmCreateArgsBuf.GetRange (keyArgOffset + i * 2, 2).CopyFrom (hexStr.GetRange (0, 2)); + + if (lrw && i >= 16) + continue; + + sprintf ((char *) hexStr.Ptr(), "%02x", (int) secondaryKey[i]); + dmCreateArgsBuf.GetRange (keyArgOffset + cipherKey.Size() * 2 + i * 2, 2).CopyFrom (hexStr.GetRange (0, 2)); + } + + stringstream nativeDevName; + nativeDevName << "truecrypt" << options.SlotNumber; + + if (nativeDevCount != cipherCount - 1) + nativeDevName << "_" << cipherCount - nativeDevCount - 2; + + nativeDevPath = "/dev/mapper/" + nativeDevName.str(); + + execArgs.clear(); + execArgs.push_back ("create"); + execArgs.push_back (nativeDevName.str()); + + Process::Execute ("dmsetup", execArgs, -1, nullptr, &dmCreateArgsBuf); + + // Wait for the device to be created + for (int t = 0; true; t++) + { + try + { + FilesystemPath (nativeDevPath).GetType(); + break; + } + catch (...) + { + if (t > 20) + throw; + + Thread::Sleep (100); + } + } + + nativeDevCreated = true; + ++nativeDevCount; + } + + // Test whether the device mapper is able to read and decrypt the last sector + SecureBuffer lastSectorBuf (volume->GetSectorSize()); + uint64 lastSectorOffset = volume->GetSize() - volume->GetSectorSize(); + + File nativeDev; + nativeDev.Open (nativeDevPath); + nativeDev.ReadAt (lastSectorBuf, lastSectorOffset); + + SecureBuffer lastSectorBuf2 (volume->GetSectorSize()); + volume->ReadSectors (lastSectorBuf2, lastSectorOffset); + + if (memcmp (lastSectorBuf.Ptr(), lastSectorBuf2.Ptr(), volume->GetSectorSize()) != 0) + throw KernelCryptoServiceTestFailed (SRC_POS); + + // Mount filesystem + if (!options.NoFilesystem && options.MountPoint && !options.MountPoint->IsEmpty()) + { + MountFilesystem (nativeDevPath, *options.MountPoint, + StringConverter::ToSingle (options.FilesystemType), + options.Protection == VolumeProtection::ReadOnly, + StringConverter::ToSingle (options.FilesystemOptions)); + + filesystemMounted = true; + } + + FuseService::SendAuxDeviceInfo (auxMountPoint, nativeDevPath, volumePath); + } + catch (...) + { + try + { + if (filesystemMounted) + DismountFilesystem (*options.MountPoint, true); + } + catch (...) { } + + try + { + if (nativeDevCreated) + { + make_shared_auto (VolumeInfo, vol); + vol->VirtualDevice = nativeDevPath; + DismountNativeVolume (vol); + } + } + catch (...) { } + + try + { + if (loopDevAttached) + DetachLoopDevice (volumePath); + } + catch (...) { } + + throw; + } + } + + auto_ptr <CoreBase> Core (new CoreServiceProxy <CoreLinux>); + auto_ptr <CoreBase> CoreDirect (new CoreLinux); +} diff --git a/Core/Unix/Linux/CoreLinux.h b/Core/Unix/Linux/CoreLinux.h new file mode 100644 index 0000000..5758d65 --- /dev/null +++ b/Core/Unix/Linux/CoreLinux.h @@ -0,0 +1,39 @@ +/* + Copyright (c) 2008 TrueCrypt Developers Association. All rights reserved. + + Governed by the TrueCrypt License 3.0 the full text of which is contained in + the file License.txt included in TrueCrypt binary and source code distribution + packages. +*/ + +#ifndef TC_HEADER_Core_CoreLinux +#define TC_HEADER_Core_CoreLinux + +#include "System.h" +#include "Core/Unix/CoreUnix.h" + +namespace TrueCrypt +{ + class CoreLinux : public CoreUnix + { + public: + CoreLinux (); + virtual ~CoreLinux (); + + virtual HostDeviceList GetHostDevices (bool pathListOnly = false) const; + + protected: + virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const; + virtual void DetachLoopDevice (const DevicePath &devicePath) const; + virtual void DismountNativeVolume (shared_ptr <VolumeInfo> mountedVolume) const; + virtual MountedFilesystemList GetMountedFilesystems (const DevicePath &devicePath = DevicePath(), const DirectoryPath &mountPoint = DirectoryPath()) const; + virtual void MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const; + virtual void MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const; + + private: + CoreLinux (const CoreLinux &); + CoreLinux &operator= (const CoreLinux &); + }; +} + +#endif // TC_HEADER_Core_CoreLinux diff --git a/Core/Unix/Linux/System.h b/Core/Unix/Linux/System.h new file mode 100644 index 0000000..20a4f82 --- /dev/null +++ b/Core/Unix/Linux/System.h @@ -0,0 +1,12 @@ +/* + Copyright (c) 2008 TrueCrypt Developers Association. All rights reserved. + + Governed by the TrueCrypt License 3.0 the full text of which is contained in + the file License.txt included in TrueCrypt binary and source code distribution + packages. +*/ + +#ifndef TC_HEADER_Platform_Linux_System +#define TC_HEADER_Platform_Linux_System + +#endif // TC_HEADER_Platform_Linux_System |