[dm-devel] dm-crypt userland key patch
- From: Bjorn Andersson <bjorn andersson silversmedjan se>
- To: dm-devel redhat com
- Cc: code kryo se
- Subject: [dm-devel] dm-crypt userland key patch
- Date: Wed, 13 Apr 2005 23:58:52 +0200
Hello
Patch to the dm-crypt module so that it hides the crypto-key from
userland. (dmsetup table)
Adds an extra option (DM_CRYPT_NULLKEYSTATUS) to
config/menuconfig/whateverconfig, under dm-crypt, so you can toggle the
patch.
Code by Bjorn Andersson and Erik Ekman.
// Bjorn
diff -ur linux-2.6.11-gentoo-r4/drivers/md/Kconfig linux-2.6.11-gentoo-r4-mod/drivers/md/Kconfig
--- linux-2.6.11-gentoo-r4/drivers/md/Kconfig 2005-03-18 14:44:33.000000000 +0100
+++ linux-2.6.11-gentoo-r4-mod/drivers/md/Kconfig 2005-04-12 15:46:03.000000000 +0200
@@ -207,6 +207,18 @@
If unsure, say N.
+config DM_CRYPT_NULLKEYSTATUS
+ bool "Hide key from userspace"
+ depends on DM_CRYPT
+ ---help---
+ When executing 'dmsetup table' it prints the crypto-key for all
+ mounted dm-crypt-devices. See dmsetup(8).
+
+ This hides the real key and returns a key of zeros instead.
+
+ If paranoid or unsure, say Y.
+ If you need to see your keys in runtime, say N.
+
config DM_SNAPSHOT
tristate "Snapshot target (EXPERIMENTAL)"
depends on BLK_DEV_DM && EXPERIMENTAL
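Review bot: The help text for DM_CRYPT_NULLKEYSTATUS does not say that, with the option on, the table line no longer describes the real mapping: "returns a key of zeros instead" means anything that reads the table back to recreate or reload the device gets an all-zero key. State that consequence in the help. The entry also has no `default` line, so the bool defaults to n while the text recommends Y "if paranoid or unsure"; add `default y` or reword the recommendation. "mounted dm-crypt-devices" would read better as "active dm-crypt devices", since the mapping exists whether or not anything is mounted on it.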
diff -ur linux-2.6.11-gentoo-r4/drivers/md/dm-crypt.c linux-2.6.11-gentoo-r4-mod/drivers/md/dm-crypt.c
--- linux-2.6.11-gentoo-r4/drivers/md/dm-crypt.c 2005-04-12 12:51:28.000000000 +0200
+++ linux-2.6.11-gentoo-r4-mod/drivers/md/dm-crypt.c 2005-04-12 15:36:35.000000000 +0200
@@ -518,6 +518,7 @@
/*
* Encode key into its hex representation
*/
+#ifndef CONFIG_DM_CRYPT_NULLKEYSTATUS
static void crypt_encode_key(char *hex, u8 *key, unsigned int size)
{
unsigned int i;
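Review bot: The `#ifndef CONFIG_DM_CRYPT_NULLKEYSTATUS` is placed between the comment and `crypt_encode_key()`, so with the option enabled the "Encode key into its hex representation" comment is left standing above nothing. Move the guard above the comment block so that the comment and the function are compiled out together.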
@@ -528,6 +529,7 @@
key++;
}
}
+#endif
/*
* Construct an encryption mapping:
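Review bot: The `#endif` closing the guard around `crypt_encode_key()` sits a hunk away from its `#ifndef` and carries no trailing comment. Mark it, for example `#endif /* !CONFIG_DM_CRYPT_NULLKEYSTATUS */`, so the pairing is clear when this part of the file is read on its own.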
@@ -900,8 +902,11 @@
if (cc->key_size > 0) {
if ((maxlen - sz) < ((cc->key_size << 1) + 1))
return -ENOMEM;
-
+#ifdef CONFIG_DM_CRYPT_NULLKEYSTATUS
+ memset(result + sz, '0', cc->key_size << 1);
+#else
crypt_encode_key(result + sz, cc->key, cc->key_size);
+#endif
sz += cc->key_size << 1;
} else {
if (sz >= maxlen)
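Review bot: In the CONFIG_DM_CRYPT_NULLKEYSTATUS branch, `memset(result + sz, '0', cc->key_size << 1);` fills exactly the hex digits and writes no terminator, although the check above reserves `(cc->key_size << 1) + 1` bytes. Either confirm that the code following this block always terminates `result`, or set `result[sz + (cc->key_size << 1)] = '\0';` explicitly in this branch. The `#ifdef`/`#else` in the middle of the function could also be avoided by keeping `crypt_encode_key()` and making the choice in one place inside it, which would remove the need for the guard pair in the two earlier hunks.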