1 /*
2 * afflib.cpp
3 * Distributed under the Berkeley 4-part license
4 */
5
6 #include "affconfig.h"
7 #include "afflib.h"
8 #include "afflib_i.h"
9
10 #ifdef HAVE_OPENSSL_PEM_H
11 #include <openssl/pem.h>
12 #include <openssl/bio.h>
13 #endif
14
15 #include "vnode_raw.h"
16 #include "vnode_split_raw.h"
17 #include "vnode_afm.h"
18 #include "vnode_aff.h"
19 #include "vnode_afd.h"
20
21 #ifdef USE_QEMU
22 #include "vnode_qemu.h"
23 #endif
24
25 #ifdef USE_S3
26 #include "vnode_s3.h"
27 #endif
28
29 #ifdef HAVE_FCNTL_H
30 #include <fcntl.h>
31 #endif
32
33 #include <assert.h>
34 #include <errno.h>
35
36
37 // vnode implementations.
38 // order matters
39 struct af_vnode *af_vnode_array[] = {
40 #ifdef USE_S3
41 &vnode_s3, // must be first for s3:// interpertation
42 #endif
43 &vnode_afd,
44 &vnode_afm, // must be before aff
45 &vnode_aff,
46 #ifdef USE_QEMU
47 &vnode_vmdk,
48 &vnode_dmg,
49 #endif
50 #ifdef USE_SPARSEIMAGE
51 &vnode_sparseimage,
52 #endif
53 &vnode_split_raw, // must be before raw
54 &vnode_raw, // greedy; must be last
55 0};
56
57
58
59 /****************************************************************
60 *** Support functions that don't use the "af"
61 ****************************************************************/
62
63 static int aff_initialized = 0;
64 int af_cache_debug = 0;
65 FILE *af_trace = 0;
66
af_initialize()67 void af_initialize()
68 {
69 if(aff_initialized) return;
70
71 /* make sure things were compiled properly */
72 assert(sizeof(struct af_head)==8);
73 assert(sizeof(struct af_segment_head)==16);
74 assert(sizeof(struct af_segment_tail)==8);
75 assert(sizeof(struct affkey)==AFFKEY_SIZE);
76
77 /* Make sure OpenSSL is working */
78 OpenSSL_add_all_algorithms();
79
80 const char *val = getenv(AFFLIB_CACHE_DEBUG);
81 if(val) af_cache_debug = atoi(val);
82
83 val = getenv(AFFLIB_TRACEFILE);
84 if(val){
85 af_trace = fopen(val,"wa");
86 fprintf(af_trace,"============================\n");
87 fprintf(af_trace,"AFFLIB trace started\n");
88 setvbuf(af_trace,0,_IOLBF,0);
89 }
90 aff_initialized = 1;
91 }
92
93
94 /****************************************************************
95 *** Other functions that don't use the af
96 ****************************************************************/
97
98
af_version(void)99 const char *af_version(void)
100 {
101 return PACKAGE_VERSION;
102 }
103
104
105 /* Return 1 if a file is probably an AFF file
106 * 0 if it is not.
107 * -1 if failure.
108 */
109
af_identify_file_type(const char * filename,int exists)110 int af_identify_file_type(const char *filename,int exists)
111 {
112 for(int i = 0; af_vnode_array[i]; i++){
113 if( (*af_vnode_array[i]->identify)(filename,exists)==1 ){
114 return (af_vnode_array[i]->type);
115 }
116 }
117 return exists ? AF_IDENTIFY_NOEXIST : AF_IDENTIFY_ERR;
118 }
119
af_identify_file_name(const char * filename,int exists)120 const char *af_identify_file_name(const char *filename,int exists)
121 {
122 for(int i = 0; af_vnode_array[i]; i++){
123 if( (*af_vnode_array[i]->identify)(filename,exists)==1 ){
124 return (af_vnode_array[i]->name);
125 }
126 }
127 return 0;
128 }
129
130 char af_error_str[64]; // in case af_perror is called
af_perror(const char * str)131 void af_perror(const char *str)
132 {
133 #ifdef HAVE_GETPROGNAME
134 fprintf(stderr,"%s: %s: %s\n",getprogname(),str,af_error_str);
135 #else
136 fprintf(stderr,"%s: %s\n",str,af_error_str);
137 #endif
138 }
139
140
141 /* Return the 'extension' of str.
142 * af_str("filename.aff") = ".aff"
143 */
af_ext(const char * str)144 const char *af_ext(const char *str)
145 {
146 int len = strlen(str);
147 if(len==0) return str; // no extension
148 for(int i=len-1;i>0;i--){
149 if(str[i]=='.') return &str[i+1];
150 }
151 return str;
152 }
153
af_ext_is(const char * filename,const char * ext)154 int af_ext_is(const char *filename,const char *ext)
155 {
156 return strcasecmp(af_ext(filename),ext)==0;
157 }
158
ends_with(const char * buf,const char * with)159 static int ends_with(const char *buf,const char *with)
160 {
161 if(buf && with){
162 size_t buflen = strlen(buf);
163 size_t withlen = strlen(with);
164 if(buflen>withlen && strcmp(buf+buflen-withlen,with)==0) return 1;
165 }
166 return 0;
167 }
168
169 /****************************************************************
170 *** GET FUNCTIONS
171 ****************************************************************/
172
173 /****************************************************************
174 *** Probe the next segment:
175 *** Return its name and argument, but don't advance the pointer....
176 *** Returns 0 on success, -1 on end of file or other error.
177 ****************************************************************/
178
179 /****************************************************************
180 *** AFF creation functions
181 ****************************************************************/
182
af_deallocate(AFFILE * af)183 static void af_deallocate(AFFILE *af)
184 {
185 /* Clear out the cache */
186 if(af->pbcache){
187 for(int i=0;i<af->num_pbufs;i++){
188 struct aff_pagebuf *p = &af->pbcache[i];
189 if(p->pagebuf){
190 memset(p->pagebuf,0,af->image_pagesize); // clean object reuse
191 free(p->pagebuf);
192 }
193 }
194 free(af->pbcache);
195 }
196 #ifdef HAVE_PTHREAD
197 AF_UNLOCK(af);
198 pthread_rwlock_destroy(&af->rwlock);
199 #endif
200 if(af->protocol) free(af->protocol);
201 if(af->fname) free(af->fname);
202 if(af->username) free(af->username);
203 if(af->password) free(af->password);
204 if(af->hostname) free(af->hostname);
205 if(af->badflag) free(af->badflag);
206 if(af->toc) free(af->toc);
207 if(af->crypto) af_crypto_deallocate(af);
208 if(af->vni_cache) free(af->vni_cache);
209 memset(af,0,sizeof(*af)); // clean object reuse
210 free(af);
211 }
212
af_sanitize_password(AFFILE * af)213 static void af_sanitize_password(AFFILE *af)
214 {
215 for(char *cc = af->password;*cc;cc++){
216 *cc = 'X';
217 }
218 free(af->password);
219 af->password = 0;
220 }
221
222
223 /* af_open_with is the real open routine.
224 * It opens a particular file with a particular vnode implementation.
225 */
af_open_with(const char * url,int flags,int mode,struct af_vnode * v)226 AFFILE *af_open_with(const char *url,int flags,int mode, struct af_vnode *v)
227 {
228 /* Alloate the space for the AFFILE structure */
229 AFFILE *af = (AFFILE *)calloc(sizeof(AFFILE),1);
230 af_crypto_allocate(af);
231 #ifdef HAVE_PTHREAD
232 pthread_rwlock_init(&af->rwlock, 0);
233 AF_WRLOCK(af);
234 #endif
235 af->v = v;
236 af->version = 2;
237 af->openflags = flags | O_BINARY; // make sure that we ask for binray
238 af->openmode = mode;
239 af->image_sectorsize = 512; // default size
240 af->error_reporter = warnx;
241
242 /* Decode URL */
243 af_parse_url(url,&af->protocol,&af->hostname,&af->username,&af->password,
244 &af->port,&af->fname);
245
246 /* A null passphrase is the same as no passphrase*/
247 if(af->password && af->password[0]==0){
248 free(af->password);
249 af->password=0;
250 }
251 /* If no password was set and the AFFLIB_PASSPHRASE environment variable is set, use that */
252 if(af->password==0 && getenv(AFFLIB_PASSPHRASE)){
253 af->password = strdup(getenv(AFFLIB_PASSPHRASE));
254 }
255 /* If no password is set and its in a file, get it there */
256 if(af->password==0 && getenv(AFFLIB_PASSPHRASE_FILE)){
257 int fd = open(AFFLIB_PASSPHRASE_FILE,O_RDONLY,0);
258 if(fd>0){
259 struct stat sb;
260 if(fstat(fd,&sb)==0){
261 af->password = (char *)malloc(sb.st_size);
262 int r = read(fd,af->password,sb.st_size);
263 if(r!=sb.st_size){
264 free(af->password);
265 af->password=0; // couldn't read it
266 }
267 close(fd);
268 }
269 }
270 }
271 /* If no password is set and its in a file, get it there */
272 if(af->password==0 && getenv(AFFLIB_PASSPHRASE_FD)){
273 int fd = atoi(AFFLIB_PASSPHRASE_FD);
274 af->password = (char *)malloc(1);
275 int buflen = 0;
276 int rlen = 0;
277 char mybuf[1024];
278
279 while((rlen=read(fd,mybuf,sizeof(mybuf)))>0){
280 af->password = (char *)realloc(af->password,buflen+rlen+1);
281 memcpy(af->password+buflen,mybuf,rlen);
282 buflen += rlen;
283 af->password[buflen] = '\000';
284 }
285 }
286
287 /* TK: If no password was set and the AFFLIB_ASK_PASS is set, ask for a passphrase */
288
289 /* Note things for hard files */
290 af->exists = (access(af->fname,R_OK) == 0); // does the file exist?
291
292 /* Right now just set up the cache by hand */
293 const char *cache_pages = getenv(AFFLIB_CACHE_PAGES);
294 if(cache_pages) af->num_pbufs = atoi(cache_pages);
295 if(af->num_pbufs<1) af->num_pbufs = AFFLIB_CACHE_PAGES_DEFAULT; // default valuen
296
297 af->pbcache = (struct aff_pagebuf *)calloc(af->num_pbufs,sizeof(struct aff_pagebuf));
298 if(af->pbcache==0){ // if can't allocate the full amount
299 af->num_pbufs = 2; // try a significantly smaller cache
300 af->pbcache = (struct aff_pagebuf *)calloc(af->num_pbufs,sizeof(struct aff_pagebuf));
301 }
302
303 if(flags & AF_HALF_OPEN) return af; // for low-level tools
304
305 /* Try opening it! */
306 if((*af->v->open)(af)){
307 strlcpy(af_error_str,af->error_str,sizeof(af_error_str)); // make a copy of the error string
308 af_deallocate(af);
309 return 0;
310 }
311
312 /* If there is no AFFKEY and the file is read-only, don't use a password */
313 if(af->password && (af_get_seg(af,AF_AFFKEY,0,0,0)!=0) && ((af->openflags & O_ACCMODE)==O_RDONLY)){
314 af_sanitize_password(af);
315 }
316
317 /* Set up the encryption if requested and if this support metadata */
318 if(AF_SEALING_VNODE(af) && ((flags & AF_NO_CRYPTO)==0)){
319 bool can_decrypt = false;
320 if(af->password){
321 struct af_vnode_info vni;
322 memset(&vni,0,sizeof(vni));
323 if((*af->v->vstat)(af,&vni)==0 && vni.supports_metadata){
324 int r = 0;
325 if(af_get_seg(af,AF_AFFKEY,0,0,0)!=0){ // it does not have a password
326 r = af_establish_aes_passphrase(af,af->password);
327 }
328 if(r==0){
329 r = af_use_aes_passphrase(af,af->password);
330 if(r==0) {
331 can_decrypt = true;
332 } else {
333 (*af->error_reporter)("af_open: invalid passphrase: '%s'",af->password);
334 }
335 }
336 af_sanitize_password(af);
337 }
338 }
339
340 /* Try public key... */
341 if(can_decrypt==false){
342 const char *kf = getenv(AFFLIB_DECRYPTING_PRIVATE_KEYFILE);
343 if(kf){
344 af_set_unseal_keyfile(af,kf);
345 }
346 }
347 }
348
349 af_read_sizes(af); // set up the metadata
350 if(af_trace) fprintf(af_trace,"af_open_with(%s,%o,%o,%s)\n",url,flags,mode,v->name);
351 return af;
352 }
353
354
355
af_open(const char * filename,int flags,int mode)356 AFFILE *af_open(const char *filename,int flags,int mode)
357 {
358 if(!aff_initialized) af_initialize();
359 if(ends_with(filename,".E01") || ends_with(filename,".e01")){
360 errno = EINVAL;
361 return 0;
362 }
363
364 if(flags & O_WRONLY){
365 errno = EINVAL;
366 return 0; // this flag not supported
367 }
368 int exists = (flags & O_CREAT) ? 0 : 1; // file must exist if O_CREAT not specified
369
370
371 /* Figure out it's format, then hand off to the correct subsystem. */
372 for(int i = 0; af_vnode_array[i]; i++){
373 /* Check to see if the implementation identifies the file */
374 if( (*af_vnode_array[i]->identify)(filename,exists)==1 ){
375 AFFILE *af = af_open_with(filename,flags,mode,af_vnode_array[i]);
376 return af;
377 }
378 }
379 errno = EINVAL;
380 if(exists && access(filename, R_OK) != 0) errno = ENOENT;
381 return 0; // can't figure it out; must be an invalid extension
382 }
383
384 /** Set an option and return the previous value */
af_set_option(AFFILE * af,int option,int value)385 int af_set_option(AFFILE *af,int option,int value)
386 {
387 int prev = 0;
388 switch(option){
389 case AF_OPTION_AUTO_ENCRYPT:
390 prev = af->crypto->auto_encrypt;
391 af->crypto->auto_encrypt = value;
392 return prev;
393 case AF_OPTION_AUTO_DECRYPT:
394 prev = af->crypto->auto_decrypt;
395 af->crypto->auto_decrypt = value;
396 return prev;
397 }
398 return -1;
399 }
400
401 /* Open a regular file as an affile.
402 * Can only be a raw file...
403 */
af_freopen(FILE * file)404 AFFILE *af_freopen(FILE *file)
405 {
406 if(!aff_initialized) af_initialize();
407
408 AFFILE *af = (AFFILE *)calloc(sizeof(AFFILE),1);
409 af->v = &vnode_raw;
410 af->image_sectorsize = 512; // default
411 raw_freopen(af,file);
412 return af;
413 }
414
415 #ifdef UNIX
416 /* Open a regular file as an affile */
af_popen(const char * command,const char * type)417 AFFILE *af_popen(const char *command,const char *type)
418 {
419 if(!aff_initialized) af_initialize();
420 AFFILE *af = (AFFILE *)calloc(sizeof(AFFILE),1);
421 af->v = &vnode_raw;
422 raw_popen(af,command,type);
423 af->image_sectorsize = 512; // default
424 af->openflags = O_RDONLY;
425 af->fname = strdup(command);
426 return af;
427 }
428 #endif
429
430
431 /* Close the image and unallocate fields */
af_close(AFFILE * af)432 int af_close(AFFILE *af)
433 {
434 int ret = 0;
435
436 AF_WRLOCK(af);
437 af_cache_flush(af); // flush the cache (if writing)
438
439 if(af->image_size != af->image_size_in_file){
440 af_update_segq(af,AF_IMAGESIZE,(int64_t)af->image_size);
441 af->image_size_in_file = af->image_size;
442 }
443 if(getenv(AFFLIB_CACHE_STATS)){
444 fputc('\n',stderr);
445 af_stats(af,stderr);
446 }
447
448 (*af->v->close)(af);
449 af_deallocate(af);
450 return ret;
451 }
452
453
454 /* Seek in the virtual file */
af_seek(AFFILE * af,int64_t pos,int whence)455 uint64_t af_seek(AFFILE *af,int64_t pos,int whence)
456 {
457 AF_WRLOCK(af);
458 if(af_trace) fprintf(af_trace,"af_seek(%p,%" I64d ",%d)\n",af,pos,whence);
459 uint64_t new_pos=0;
460 switch(whence){
461 case SEEK_SET:
462 new_pos = pos;
463 break;
464 case SEEK_CUR:
465 if(pos<0 && ((uint64_t)(-pos)) > af->pos) new_pos=0;
466 else new_pos = af->pos + pos;
467 break;
468 case SEEK_END:
469 if((uint64_t)pos > af->image_size) new_pos=0;
470 else new_pos = af->image_size - pos;
471 break;
472 }
473
474 /* Note if the direction has changed */
475 int direction = (new_pos > af->pos) ? 1 : ((new_pos < af->pos) ? -1 : 0);
476 if(af->last_direction != direction) af->direction_changes++;
477 if(af->direction_changes > 5 && af->random_access==0){
478 af->random_access=1;
479 }
480 af->last_direction = direction;
481 /*****************************************************************/
482
483 /* Finally update the direction */
484 af->pos = new_pos; // set the new position
485 AF_UNLOCK(af);
486 return af->pos;
487 }
488
489 /* Returns the name and offset of the last segment */
af_last_seg(AFFILE * af,char * last_segname,int last_segname_len,int64_t * pos)490 int af_last_seg(AFFILE *af,char *last_segname,int last_segname_len,int64_t *pos)
491 {
492 AF_WRLOCK(af);
493 /* Find the name of the last segment */
494 fseeko(af->aseg,0,SEEK_END);
495 af_backspace(af); // back up one segment
496 *pos = ftello(af->aseg); // remember where it is
497 last_segname[0] = 0;
498 int ret = af_probe_next_seg(af,last_segname,last_segname_len,0,0,0,0);
499 AF_UNLOCK(af);
500 return ret;
501 }
502
503
af_tell(AFFILE * af)504 uint64_t af_tell(AFFILE *af)
505 {
506 AF_READLOCK(af);
507 uint64_t ret = af->pos;
508 AF_UNLOCK(af);
509 return ret;
510 }
511
512 /* Return if we are at the end of the file */
af_eof(AFFILE * af)513 int af_eof(AFFILE *af)
514 {
515 AF_READLOCK(af);
516 af_vnode_info vni;
517
518 if(af_vstat(af,&vni)) return -1; // this is bad; we need vstat...
519 if(vni.use_eof) return vni.at_eof; // if implementation wants to use it, use it
520
521 int ret = (int64_t)af->pos >= (int64_t)vni.imagesize;
522 AF_UNLOCK(af);
523 return ret;
524 }
525
af_set_callback(AFFILE * af,void (* wcb)(struct affcallback_info *))526 void af_set_callback(AFFILE *af,void (*wcb)(struct affcallback_info *))
527 {
528 AF_WRLOCK(af);
529 af->w_callback = wcb;
530 AF_UNLOCK(af);
531 }
532
533
af_enable_compression(AFFILE * af,int type,int level)534 void af_enable_compression(AFFILE *af,int type,int level)
535 {
536 AF_WRLOCK(af);
537 af->compression_type = type;
538 af->compression_level = level;
539 AF_UNLOCK(af);
540 }
541
af_compression_type(AFFILE * af)542 int af_compression_type(AFFILE *af)
543 {
544 AF_READLOCK(af);
545 int ret = af->compression_type;
546 AF_UNLOCK(af);
547 return ret;
548 }
549
550
551 /* Doesn't need locking because it won't change */
af_filename(AFFILE * af)552 const char *af_filename(AFFILE *af)
553 {
554 return af->fname;
555 }
556
557 /* Doesn't need locking because it won't change */
af_identify(AFFILE * af)558 int af_identify(AFFILE *af)
559 {
560 return af->v->type;
561 }
562
563 /* af_get_imagesize:
564 * Return the byte # of last mapped byte in image, or size of device;
565 * No locking is needed because individual elements of the af structure are not accessed.
566 */
af_get_imagesize(AFFILE * af)567 int64_t af_get_imagesize(AFFILE *af)
568 {
569 int64_t ret = -1;
570 struct af_vnode_info vni;
571 memset(&vni,0,sizeof(vni));
572 if(af_vstat(af,&vni)==0){
573 /* If vni.imagesize is 0 and if there are encrypted segments and if there
574 * is no imagesize segment but there is an encrypted one, then we can't read this encrypted file...
575 */
576 if(vni.imagesize<=0 && vni.segment_count_encrypted>0){
577 if(af_get_seg(af,AF_IMAGESIZE,0,0,0)!=0){
578 errno = EPERM;
579 goto done;
580 }
581 }
582 ret = vni.imagesize;
583 }
584 done:;
585 return ret;
586 }
587
588 /*
589 * af_make_badflag:
590 * Create a randomized bag flag and
591 * leave an empty segment of how many badsectors there are
592 * in the image...
593 */
af_make_badflag(AFFILE * af)594 int af_make_badflag(AFFILE *af)
595 {
596 if(af->badflag!=0) free(af->badflag);
597 af->badflag = (unsigned char *)malloc(af->image_sectorsize); // current sector size
598
599 RAND_bytes(af->badflag,af->image_sectorsize);
600 strcpy((char *)af->badflag,"BAD SECTOR");
601
602 AF_WRLOCK(af);
603 af->badflag_set = 1;
604 if(af_update_seg(af,AF_BADFLAG,0,af->badflag,af->image_sectorsize)){
605 AF_UNLOCK(af);
606 return -1;
607 }
608 if(af_update_segq(af,AF_BADSECTORS,0)){
609 AF_UNLOCK(af);
610 return -1;
611 }
612 AF_UNLOCK(af);
613 return 0;
614 }
615
616
617 /*
618 * make the IMAGE_GID segment if it doesn't exist
619 * Returns -1 if an error, 0 if the GID exists, and 1 if one is made.
620 */
af_make_gid(AFFILE * af)621 int af_make_gid(AFFILE *af)
622 {
623 int ret = 0;
624 AF_WRLOCK(af);
625 if(af_get_seg(af,AF_IMAGE_GID,0,0,0)!=0){
626 unsigned char bit128[16];
627 RAND_bytes(bit128,sizeof(bit128));
628 int r = af_update_seg(af,AF_IMAGE_GID,0,bit128,sizeof(bit128));
629 if(r<0) ret = -1;
630 else ret = 1;
631 }
632 AF_UNLOCK(af);
633 return ret;
634 }
635
636
637
638 /* Decrypt data and perform unblocking if necessary.
639 * This could eliminate a memory copy by doing the decryption for everything
640 * but the last block in place, and just doing a copy for the last block.
641 */
af_aes_decrypt(AFFILE * af,const char * segname,unsigned char * data,size_t * datalen)642 void af_aes_decrypt(AFFILE *af,const char *segname,unsigned char *data,size_t *datalen)
643 {
644 #ifdef HAVE_AES_ENCRYPT
645 if(datalen==0) return; // can't decrypt; no clue how long it is
646
647 /* An encrypted segment was retrieved; decrypt and trunc the length as necessary */
648 uint32_t extra = (*datalen) % AES_BLOCK_SIZE;
649 uint32_t pad = (AES_BLOCK_SIZE - extra) % AES_BLOCK_SIZE;
650
651 if(data==0){ // just wants to find out new length
652 if(extra>0){
653 *datalen -= AES_BLOCK_SIZE;
654 }
655 return;
656 }
657
658 if(extra!=0 && *datalen < AES_BLOCK_SIZE){
659 *datalen = 0; // something is wrong
660 return;
661 }
662
663 if(data==0){ // just report the new size
664 if(extra!=0) *datalen -= AES_BLOCK_SIZE; // a block was added
665 return;
666 }
667
668 *datalen -= extra; // *datalen is now a multiple of AES_BLOCK_SIZE
669 /* Create an IV */
670 unsigned char iv[AES_BLOCK_SIZE];
671 memset(iv,0,sizeof(iv));
672 strlcpy((char *)iv,segname,sizeof(iv));
673
674 /* Decrypt! */
675 AF_READLOCK(af);
676 AES_cbc_encrypt(data,data,*datalen,&af->crypto->dkey,iv,AES_DECRYPT);
677 AF_UNLOCK(af);
678 *datalen -= pad; // remove the padding
679 #endif
680 }
681
682
af_get_seg(AFFILE * af,const char * segname,uint32_t * arg,unsigned char * data,size_t * datalen)683 int af_get_seg(AFFILE *af,const char *segname,uint32_t *arg,unsigned char *data,size_t *datalen)
684 {
685 AF_READLOCK(af);
686 if(af->v->get_seg==0){
687 errno = ENOTSUP;
688 return -1; // not supported by this file system
689 }
690 #ifdef HAVE_AES_ENCRYPT
691 /* If we have encryption and it is turned on, check for encrypted segment first */
692 if(AF_SEALING_VNODE(af) && af->crypto->auto_decrypt){
693 size_t datalen_orig = datalen ? *datalen : 0;
694 char aesname[AF_MAX_NAME_LEN];
695 strlcpy(aesname,segname,sizeof(aesname));
696 strlcat(aesname,AF_AES256_SUFFIX,sizeof(aesname));
697 int r = (*af->v->get_seg)(af,aesname,arg,data,datalen);
698 if(r==0){
699 af_aes_decrypt(af,segname,data,datalen);
700 return 0;
701 }
702 if(r==AF_ERROR_DATASMALL && datalen && (*datalen % AES_BLOCK_SIZE != 0)){
703 /* Not enough space was provided to decrypt, probably because this was blocked out */
704 size_t bigger_data_len = datalen_orig + AES_BLOCK_SIZE;
705 unsigned char *bigger_data = (unsigned char *)malloc(bigger_data_len);
706 if(!bigger_data) return -1; // Malloc failed
707 r = (*af->v->get_seg)(af,aesname,arg,bigger_data,&bigger_data_len);
708 if(r!=0){
709 free(bigger_data);
710 return -1; // something deeper is wrong
711 }
712 af_aes_decrypt(af,segname,bigger_data,&bigger_data_len);
713 if(bigger_data_len > datalen_orig){
714 free(bigger_data);
715 return -1; // it's still too big
716 }
717 memcpy(data,bigger_data,bigger_data_len);
718 *datalen = bigger_data_len;
719 free(bigger_data);
720 return 0; // finally it fits
721 }
722 }
723 #endif
724 /* Try for the unencrypted segment */
725 int ret = (*af->v->get_seg)(af,segname,arg,data,datalen);
726 AF_UNLOCK(af);
727 return ret;
728 }
729
af_get_next_seg(AFFILE * af,char * segname,size_t segname_len,uint32_t * arg,unsigned char * data,size_t * datalen)730 int af_get_next_seg(AFFILE *af,char *segname,size_t segname_len,uint32_t *arg,
731 unsigned char *data,size_t *datalen)
732 {
733 size_t datalen_orig = datalen ? *datalen : 0;
734 AF_READLOCK(af);
735 if(af->v->get_next_seg==0){
736 errno = ENOTSUP;
737 AF_UNLOCK(af);
738 return -1;
739 }
740 int r = (*af->v->get_next_seg)(af,segname,segname_len,arg,data,datalen);
741 #ifdef HAVE_AES_ENCRYPT
742 if(AF_SEALING_VNODE(af)
743 && ends_with(segname,AF_AES256_SUFFIX)
744 && af->crypto->auto_decrypt){
745 segname[strlen(segname)-strlen(AF_AES256_SUFFIX)] = 0;
746 /* An encrypted segment was retrieved.
747 * If it fit, decrypt and return.
748 * If it doesn't fit, try to get it again (which will use our adaptive blocksize)
749 *
750 * Normaly it will fit becuase the caller doesn't know how long the 'next' segment is,
751 * so the caller normally leaves enough space.
752 */
753 if(r==0){
754 af_aes_decrypt(af,segname,data,datalen);
755 AF_UNLOCK(af);
756 return 0;
757 }
758 if(r==AF_ERROR_DATASMALL && datalen && (*datalen % AES_BLOCK_SIZE !=0)){
759 *datalen = datalen_orig;
760 AF_UNLOCK(af);
761 return af_get_seg(af,segname,arg,data,datalen);
762 }
763 AF_UNLOCK(af);
764 return r; // not sure why we got this error
765 }
766 #endif
767 AF_UNLOCK(af);
768 return r;
769 }
770
af_rewind_seg(AFFILE * af)771 int af_rewind_seg(AFFILE *af)
772 {
773 if(af_trace) fprintf(af_trace,"af_rewind_seg(%p)\n",af);
774 AF_READLOCK(af);
775 if(af->v->rewind_seg==0){
776 errno = ENOTSUP;
777 AF_UNLOCK(af);
778 return -1;
779 }
780 int ret = (*af->v->rewind_seg)(af);
781 AF_UNLOCK(af);
782 return ret;
783 }
784
785 /** Main routine for writing segments
786 */
787
af_update_segf(AFFILE * af,const char * segname,uint32_t arg,const u_char * data,uint32_t datalen,uint32_t flag)788 int af_update_segf(AFFILE *af, const char *segname,
789 uint32_t arg,const u_char *data,uint32_t datalen,uint32_t flag)
790 {
791 if(af_trace) fprintf(af_trace,"af_update_segf(%p,segname=%s,arg=%" PRIu32 ",datalen=%d)\n",
792 af,segname,arg,datalen);
793 AF_WRLOCK(af);
794 if(af->v->update_seg==0){
795 errno = ENOTSUP;
796 AF_UNLOCK(af);
797 return -1; // not supported by this file system
798 }
799
800 af_invalidate_vni_cache(af);
801
802 /* See if we need to encrypt. New memory might need to be allocated.
803 * This isn't a big deal, because encryption requires copying memory
804 * in any event; it's either an in-place copy or a copy to another location.
805 */
806 #ifdef HAVE_AES_ENCRYPT
807 const char *oldname = 0;
808 unsigned char *newdata = 0;
809 if(AF_SEALING(af) && ((flag & AF_SIGFLAG_NOSEAL)==0) && af->crypto->auto_encrypt){
810 /* Create an IV */
811 unsigned char iv[AES_BLOCK_SIZE];
812 memset(iv,0,sizeof(iv));
813 strlcpy((char *)iv,segname,sizeof(iv));
814
815 /* Figure out the real segment name */
816 char aesname[AF_MAX_NAME_LEN];
817 strlcpy(aesname,segname,sizeof(aesname));
818 strlcat(aesname,AF_AES256_SUFFIX,sizeof(aesname));
819 oldname = segname;
820 segname = aesname;
821
822 /* Figure out if we need to padd out for encryption. Allocate space and
823 */
824 uint32_t extra = (datalen) % AES_BLOCK_SIZE;
825 uint32_t pad = (AES_BLOCK_SIZE - extra) % AES_BLOCK_SIZE;
826 newdata = (unsigned char *)malloc(datalen+pad+extra);
827 memset(newdata+datalen,pad+extra,pad); // PKCS7 uses 01 for one pad byte, 02 02 for two, etc.
828 /* Encrypt */
829 AES_cbc_encrypt((const unsigned char *)data,
830 newdata,
831 datalen+pad,&af->crypto->ekey,iv,AES_ENCRYPT);
832 data = newdata; // we will write this out
833 datalen += pad + extra;
834 }
835 #endif
836 int r = (*af->v->update_seg)(af,segname,arg,data,datalen); // actually update the segment
837 if(r < 0)
838 { AF_UNLOCK(af); return r; }
839
840 af->bytes_written += datalen;
841 #ifdef HAVE_AES_ENCRYPT
842 /* if we encrypted, make sure the unencrypted segment is deleted */
843 if(oldname && af->v->del_seg) (*af->v->del_seg)(af,oldname);
844 if(newdata){
845 free(newdata); // free any allocated data
846 newdata = 0;
847 }
848 #endif
849 /* If we wrote out an unencrypted segment, make sure that the corresopnding encrypted
850 * segment is deleted.
851 */
852 char encrypted_name[AF_MAX_NAME_LEN];
853 strlcpy(encrypted_name,segname,sizeof(encrypted_name));
854 strlcat(encrypted_name,AF_AES256_SUFFIX,sizeof(encrypted_name));
855 if(af->v->del_seg) (*af->v->del_seg)(af,encrypted_name); // no need to check error return
856
857
858 /* Sign the segment if:
859 * - there is a signing private key
860 * - the data structure and flag not set
861 * - This is not a signature segment
862 */
863 #ifdef USE_AFFSIGS
864 const u_char *signdata = data; // remember the original data location
865 if(AF_SEALING(af)
866 && af->crypto->sign_privkey
867 && ((flag & AF_SIGFLAG_NOSIG)==0)
868 && !ends_with(segname,AF_SIG256_SUFFIX)){
869 // return code doesn't matter; it's either signed or not.
870 af_sign_seg3(af,segname,arg,signdata,datalen,AF_SIGNATURE_MODE0);
871 }
872 #endif
873 AF_UNLOCK(af);
874 return r;
875 }
876
877 /* Requires no locking because locking is done in af_update_segf */
af_update_seg(AFFILE * af,const char * segname,uint32_t arg,const u_char * data,uint32_t datalen)878 int af_update_seg(AFFILE *af, const char *segname,
879 uint32_t arg,const u_char *data,uint32_t datalen)
880 {
881 return af_update_segf(af,segname,arg,data,datalen,0);
882 }
883
884 #ifdef HAVE_OPENSSL_BIO_H
885 /* Requires no locking */
af_update_seg_frombio(AFFILE * af,const char * segname,uint32_t,BIO * bio)886 int af_update_seg_frombio(AFFILE *af,const char *segname,uint32_t /*arg*/,BIO *bio)
887 {
888 /* Get the buffer to write out */
889 u_char *buf=0;
890 size_t buflen = BIO_get_mem_data(bio,&buf);
891 return af_update_seg(af,segname,0,buf,buflen);
892 }
893 #endif
894
af_del_seg(AFFILE * af,const char * segname)895 int af_del_seg(AFFILE *af,const char *segname)
896 {
897 AF_WRLOCK(af);
898 if(af->v->del_seg==0){
899 errno = ENOTSUP;
900 AF_UNLOCK(af);
901 return -1; // not supported
902 }
903 #ifdef HAVE_AES_ENCRYPT
904 if(AF_SEALING(af)){
905 /* Delete the encrypted segment if it exists */
906 char aesname[AF_MAX_NAME_LEN];
907 strlcpy(aesname,segname,sizeof(aesname));
908 strlcat(aesname,AF_AES256_SUFFIX,sizeof(aesname));
909 (*af->v->del_seg)(af,aesname);
910 }
911 #endif
912 /* Delete the unencrypted segment */
913 int ret = (*af->v->del_seg)(af,segname);
914 AF_UNLOCK(af);
915 return ret;
916 }
917
af_invalidate_vni_cache(AFFILE * af)918 void af_invalidate_vni_cache(AFFILE *af)
919 {
920 if(af->vni_cache){
921 free(af->vni_cache);
922 af->vni_cache = 0;
923 }
924 }
925
af_vstat(AFFILE * af,struct af_vnode_info * vni)926 int af_vstat(AFFILE *af,struct af_vnode_info *vni)
927 {
928 AF_READLOCK(af);
929 if(af->v->vstat==0){
930 errno = ENOTSUP;
931 AF_UNLOCK(af);
932 return -1; // not supported
933 }
934 int ret = 0;
935 if(af->vni_cache==0){ // no cached copy?
936 af->vni_cache = (struct af_vnode_info *)calloc(1,sizeof(struct af_vnode_info)); // allocate a space
937 ret = (*af->v->vstat)(af,af->vni_cache);
938 }
939 if(ret==0) memcpy(vni,af->vni_cache,sizeof(*vni));
940 AF_UNLOCK(af);
941 return ret;
942 }
943
944 /* Requires no locking */
af_has_pages(AFFILE * af)945 int af_has_pages(AFFILE *af)
946 {
947 struct af_vnode_info vni;
948 if(af_vstat(af,&vni)) return -1; // can't figure it out
949 return vni.has_pages; // will return 0 or 1
950 }
951
952
af_stats(AFFILE * af,FILE * f)953 void af_stats(AFFILE *af,FILE *f)
954 {
955 AF_READLOCK(af);
956 fprintf(f,"AFSTATS for %s\n",af_filename(af));
957 fprintf(f,"Pages read: %" I64u "\n",af->pages_read);
958 fprintf(f,"Pages written: %" I64u "\n",af->pages_written);
959 fprintf(f,"Pages compressed: %" I64u "\n",af->pages_compressed);
960 fprintf(f,"Pages decompressed: %" I64u "\n",af->pages_decompressed);
961 fprintf(f,"Cache hits: %" I64u "\n",af->cache_hits);
962 fprintf(f,"Cache misses: %" I64u "\n",af->cache_misses);
963 fprintf(f,"Bytes copied: %" I64u "\n",af->bytes_memcpy);
964 AF_UNLOCK(af);
965 }
966
967
af_set_acquisition_date(AFFILE * af,time_t t)968 int af_set_acquisition_date(AFFILE *af,time_t t)
969 {
970 char timebuf[64];
971 strftime(timebuf,sizeof(timebuf),"%Y-%m-%d %H:%M:%S\n",localtime(&t));
972 return af_update_seg(af,AF_ACQUISITION_DATE,0,(const u_char *)timebuf,strlen(timebuf));
973 }
974