diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
commit | 1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5 (patch) | |
tree | 6cf8220b628ebd2ccfc1375dd6516c6996e9abcc /lib/luks1/af.c | |
parent | Initial commit. (diff) | |
download | cryptsetup-1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5.tar.xz cryptsetup-1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5.zip |
Adding upstream version 2:2.6.1.upstream/2%2.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | lib/luks1/af.c | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/lib/luks1/af.c b/lib/luks1/af.c new file mode 100644 index 0000000..76afeac --- /dev/null +++ b/lib/luks1/af.c @@ -0,0 +1,170 @@ +/* + * AFsplitter - Anti forensic information splitter + * + * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org> + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * + * AFsplitter diffuses information over a large stripe of data, + * therefore supporting secure data destruction. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include "internal.h" +#include "af.h" + +static void XORblock(const char *src1, const char *src2, char *dst, size_t n) +{ + size_t j; + + for (j = 0; j < n; j++) + dst[j] = src1[j] ^ src2[j]; +} + +static int hash_buf(const char *src, char *dst, uint32_t iv, + size_t len, const char *hash_name) +{ + struct crypt_hash *hd = NULL; + char *iv_char = (char *)&iv; + int r; + + iv = be32_to_cpu(iv); + if (crypt_hash_init(&hd, hash_name)) + return -EINVAL; + + if ((r = crypt_hash_write(hd, iv_char, sizeof(uint32_t)))) + goto out; + + if ((r = crypt_hash_write(hd, src, len))) + goto out; + + r = crypt_hash_final(hd, dst, len); +out: + crypt_hash_destroy(hd); + return r; +} + +/* + * diffuse: Information spreading over the whole dataset with + * the help of hash function. + */ +static int diffuse(char *src, char *dst, size_t size, const char *hash_name) +{ + int r, hash_size = crypt_hash_size(hash_name); + unsigned int digest_size; + unsigned int i, blocks, padding; + + if (hash_size <= 0) + return -EINVAL; + digest_size = hash_size; + + blocks = size / digest_size; + padding = size % digest_size; + + for (i = 0; i < blocks; i++) { + r = hash_buf(src + digest_size * i, + dst + digest_size * i, + i, (size_t)digest_size, hash_name); + if (r < 0) + return r; + } + + if (padding) { + r = hash_buf(src + digest_size * i, + dst + digest_size * i, + i, (size_t)padding, hash_name); + if (r < 0) + return r; + } + + return 0; +} + +/* + * Information splitting. The amount of data is multiplied by + * blocknumbers. The same blocksize and blocknumbers values + * must be supplied to AF_merge to recover information. + */ +int AF_split(struct crypt_device *ctx, const char *src, char *dst, + size_t blocksize, unsigned int blocknumbers, const char *hash) +{ + unsigned int i; + char *bufblock; + int r; + + bufblock = crypt_safe_alloc(blocksize); + if (!bufblock) + return -ENOMEM; + + /* process everything except the last block */ + for (i = 0; i < blocknumbers - 1; i++) { + r = crypt_random_get(ctx, dst + blocksize * i, blocksize, CRYPT_RND_NORMAL); + if (r < 0) + goto out; + + XORblock(dst + blocksize * i, bufblock, bufblock, blocksize); + r = diffuse(bufblock, bufblock, blocksize, hash); + if (r < 0) + goto out; + } + /* the last block is computed */ + XORblock(src, bufblock, dst + blocksize * i, blocksize); + r = 0; +out: + crypt_safe_free(bufblock); + return r; +} + +int AF_merge(const char *src, char *dst, + size_t blocksize, unsigned int blocknumbers, const char *hash) +{ + unsigned int i; + char *bufblock; + int r; + + bufblock = crypt_safe_alloc(blocksize); + if (!bufblock) + return -ENOMEM; + + for (i = 0; i < blocknumbers - 1; i++) { + XORblock(src + blocksize * i, bufblock, bufblock, blocksize); + r = diffuse(bufblock, bufblock, blocksize, hash); + if (r < 0) + goto out; + } + XORblock(src + blocksize * i, bufblock, dst, blocksize); + r = 0; +out: + crypt_safe_free(bufblock); + return r; +} + +/* Size of final split data including sector alignment */ +size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers) +{ + size_t af_size; + + /* data material * stripes */ + af_size = blocksize * blocknumbers; + + /* round up to sector */ + af_size = (af_size + (SECTOR_SIZE - 1)) / SECTOR_SIZE; + + return af_size; +} |