Line 0
|
|
|
1 |
. ${clst_sharedir}/targets/support/functions.sh |
2 |
|
3 |
devices_off(){ |
4 |
cryptsetup luksClose catalyst |
5 |
losetup -d ${clst_encryption_loop} |
6 |
} |
7 |
|
8 |
free_loop(){ |
9 |
echo "Searching for a free loop from /dev/loop0..." |
10 |
local loop=0 |
11 |
while true |
12 |
do |
13 |
if [ ! -b "/dev/loop${loop}" ] |
14 |
then |
15 |
exit 1 |
16 |
fi |
17 |
# If the loop-device is "free" then break |
18 |
losetup "/dev/loop${loop}" &>/dev/null || break |
19 |
let loop=loop+1 |
20 |
done |
21 |
export clst_encryption_loop="/dev/loop${loop}" |
22 |
} |
23 |
|
24 |
|
25 |
encrypt_loop(){ |
26 |
|
27 |
# $1 = loop file address |
28 |
# $2 = loop device |
29 |
# $3 = encryption method |
30 |
# $4 = keyfile |
31 |
# $5 = clst_encryption_options |
32 |
# $6 = keysize |
33 |
|
34 |
echo "Encrypting the cd using $2 and /dev/mapper/catalyst" |
35 |
|
36 |
local luks_block_size=$(stat -c "%B" $1) |
37 |
|
38 |
local luks_size=$(($(stat -c "%b" $1)+8+8*${6})) |
39 |
# Normal size plus space for luks (linear in the keysize) |
40 |
|
41 |
echo "Creating empty container..." |
42 |
dd if=/dev/zero of=$1_crypt.img count=${luks_size} bs=${luks_block_size} conv=notrunc \ |
43 |
|| die "Could not create container file with dd, disk full?" |
44 |
|
45 |
echo "Placing container in loop $2" |
46 |
losetup $2 $1_crypt.img || die "Couldn't setup the loop. Do you have loop support in the kernel?" |
47 |
|
48 |
# Do not remove the previous 'die', it would format an occupied loop |
49 |
|
50 |
case "$3" in |
51 |
manual) |
52 |
echo 'Creating LUKS image' |
53 |
cat $4 | cryptsetup -s ${6} ${5} luksFormat $2 \ |
54 |
|| (devices_off; die "Failed to luksFormat. Is Luks configured and are kernel requirements met?") |
55 |
echo 'Opening LUKS image' |
56 |
cat $4 | cryptsetup luksOpen $2 catalyst \ |
57 |
|| (devices_off; die "Failed to open the luks device") |
58 |
;; |
59 |
keyfile) |
60 |
echo 'Creating LUKS image' |
61 |
echo 'YES' | cryptsetup ${5} luksFormat $2 $4 \ |
62 |
|| (devices_off; die "Failed to luksFormat. Is Luks configured and are kernel requirements met?") |
63 |
echo 'Opening LUKS image' |
64 |
cryptsetup --key-file $4 luksOpen $2 catalyst \ |
65 |
|| (devices_off; die "Failed to open the luks device") |
66 |
;; |
67 |
*) |
68 |
devices_off |
69 |
die 'Option for encrypt/method not recognized' |
70 |
;; |
71 |
esac |
72 |
|
73 |
echo 'Copying root filesystem to container' |
74 |
|
75 |
dd if=$1 of=/dev/mapper/catalyst conv=notrunc \ |
76 |
|| (devices_off; die "dd failed to put loop contents in Luks image. Could be bad container size estimative, or loops wrongly detached.") |
77 |
|
78 |
cryptsetup luksClose catalyst || \ |
79 |
die "Luks image could not br closed, and loop will be left open. Unknown error occurred" |
80 |
|
81 |
losetup -d $2 || die "Loop not closed. Unknown error occurred" |
82 |
|
83 |
echo 'Loop was closed, encryption terminated' |
84 |
|
85 |
rm $1 |
86 |
mv $1_crypt.img $1 |
87 |
} |
88 |
|
89 |
|
90 |
start_encryption(){ |
91 |
# $1 = loop image |
92 |
|
93 |
local keysize |
94 |
|
95 |
if [ ! -s "${clst_encryption_key}" ] |
96 |
then die "Key wasn't found" |
97 |
fi |
98 |
#otherwise luks keeps waiting for stdin |
99 |
|
100 |
if [ "${clst_encryption_keysize}" ] |
101 |
then keysize=${clst_encryption_keysize} |
102 |
else keysize=256 |
103 |
fi |
104 |
|
105 |
free_loop || die "Couldn't find available loop" |
106 |
encrypt_loop $1 "${clst_encryption_loop}" "${clst_encryption_method}" "${clst_encryption_key}" "${clst_encryption_options}" "${keysize}" |
107 |
loopret=$? |
108 |
unset clst_encryption_loop |
109 |
exit $loopret |
110 |
} |
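Review bot: The failure handlers in encrypt_loop written as `|| (devices_off; die "...")` (new lines 54, 57, 62, 65 and 76) run `die` inside a subshell, so if `die` ends with `exit` (it is defined in functions.sh, which is not shown here) only the subshell terminates and encrypt_loop carries on. After a failed `luksOpen`, for example, the later `dd if=$1 of=/dev/mapper/catalyst` would still run and, with no mapping present, could write the unencrypted image to a regular file at that path. Use a brace group so the exit reaches the calling shell: `|| { devices_off; die "Failed to open the luks device"; }`. The same pass could quote `$1`, `$2` and `$4`, which are expanded unquoted throughout the function.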