|
Line 0
Link Here
|
|
|
1 |
. ${clst_sharedir}/targets/support/functions.sh |
| 2 |
|
| 3 |
devices_off(){ |
| 4 |
cryptsetup luksClose catalyst |
| 5 |
losetup -d ${clst_encryption_loop} |
| 6 |
} |
| 7 |
|
| 8 |
free_loop(){ |
| 9 |
echo "Searching for a free loop from /dev/loop0..." |
| 10 |
local loop=0 |
| 11 |
while true |
| 12 |
do |
| 13 |
if [ ! -b "/dev/loop${loop}" ] |
| 14 |
then |
| 15 |
exit 1 |
| 16 |
fi |
| 17 |
# If the loop-device is "free" then break |
| 18 |
losetup "/dev/loop${loop}" &>/dev/null || break |
| 19 |
let loop=loop+1 |
| 20 |
done |
| 21 |
export clst_encryption_loop="/dev/loop${loop}" |
| 22 |
} |
| 23 |
|
| 24 |
|
| 25 |
encrypt_loop(){ |
| 26 |
|
| 27 |
# $1 = loop file address |
| 28 |
# $2 = loop device |
| 29 |
# $3 = encryption method |
| 30 |
# $4 = keyfile |
| 31 |
# $5 = clst_encryption_options |
| 32 |
# $6 = keysize |
| 33 |
|
| 34 |
echo "Encrypting the cd using $2 and /dev/mapper/catalyst" |
| 35 |
|
| 36 |
local luks_block_size=$(stat -c "%B" $1) |
| 37 |
|
| 38 |
local luks_size=$(($(stat -c "%b" $1)+8+8*${6})) |
| 39 |
# Normal size plus space for luks (linear in the keysize) |
| 40 |
|
| 41 |
echo "Creating empty container..." |
| 42 |
dd if=/dev/zero of=$1_crypt.img count=${luks_size} bs=${luks_block_size} conv=notrunc \ |
| 43 |
|| die "Could not create container file with dd, disk full?" |
| 44 |
|
| 45 |
echo "Placing container in loop $2" |
| 46 |
losetup $2 $1_crypt.img || die "Couldn't setup the loop. Do you have loop support in the kernel?" |
| 47 |
|
| 48 |
# Do not remove the previous 'die', it would format an occupied loop |
| 49 |
|
| 50 |
case "$3" in |
| 51 |
manual) |
| 52 |
echo 'Creating LUKS image' |
| 53 |
cat $4 | cryptsetup -s ${6} ${5} luksFormat $2 \ |
| 54 |
|| (devices_off; die "Failed to luksFormat. Is Luks configured and are kernel requirements met?") |
| 55 |
echo 'Opening LUKS image' |
| 56 |
cat $4 | cryptsetup luksOpen $2 catalyst \ |
| 57 |
|| (devices_off; die "Failed to open the luks device") |
| 58 |
;; |
| 59 |
keyfile) |
| 60 |
echo 'Creating LUKS image' |
| 61 |
echo 'YES' | cryptsetup ${5} luksFormat $2 $4 \ |
| 62 |
|| (devices_off; die "Failed to luksFormat. Is Luks configured and are kernel requirements met?") |
| 63 |
echo 'Opening LUKS image' |
| 64 |
cryptsetup --key-file $4 luksOpen $2 catalyst \ |
| 65 |
|| (devices_off; die "Failed to open the luks device") |
| 66 |
;; |
| 67 |
*) |
| 68 |
devices_off |
| 69 |
die 'Option for encrypt/method not recognized' |
| 70 |
;; |
| 71 |
esac |
| 72 |
|
| 73 |
echo 'Copying root filesystem to container' |
| 74 |
|
| 75 |
dd if=$1 of=/dev/mapper/catalyst conv=notrunc \ |
| 76 |
|| (devices_off; die "dd failed to put loop contents in Luks image. Could be bad container size estimative, or loops wrongly detached.") |
| 77 |
|
| 78 |
cryptsetup luksClose catalyst || \ |
| 79 |
die "Luks image could not br closed, and loop will be left open. Unknown error occurred" |
| 80 |
|
| 81 |
losetup -d $2 || die "Loop not closed. Unknown error occurred" |
| 82 |
|
| 83 |
echo 'Loop was closed, encryption terminated' |
| 84 |
|
| 85 |
rm $1 |
| 86 |
mv $1_crypt.img $1 |
| 87 |
} |
| 88 |
|
| 89 |
|
| 90 |
start_encryption(){ |
| 91 |
# $1 = loop image |
| 92 |
|
| 93 |
local keysize |
| 94 |
|
| 95 |
if [ ! -s "${clst_encryption_key}" ] |
| 96 |
then die "Key wasn't found" |
| 97 |
fi |
| 98 |
#otherwise luks keeps waiting for stdin |
| 99 |
|
| 100 |
if [ "${clst_encryption_keysize}" ] |
| 101 |
then keysize=${clst_encryption_keysize} |
| 102 |
else keysize=256 |
| 103 |
fi |
| 104 |
|
| 105 |
free_loop || die "Couldn't find available loop" |
| 106 |
encrypt_loop $1 "${clst_encryption_loop}" "${clst_encryption_method}" "${clst_encryption_key}" "${clst_encryption_options}" "${keysize}" |
| 107 |
loopret=$? |
| 108 |
unset clst_encryption_loop |
| 109 |
exit $loopret |
| 110 |
} |
