bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
{
if (password.Size() < 1)
throw PasswordEmpty (SRC_POS);
ConstBufferPtr salt (encryptedData.GetRange (SaltOffset, SaltSize));
SecureBuffer header (EncryptedHeaderDataSize);
SecureBuffer headerKey (GetLargestSerializedKeySize());
foreach (shared_ptr <Pkcs5Kdf> pkcs5, keyDerivationFunctions)
{
pkcs5->DeriveKey (headerKey, password, salt);
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
{
if (typeid (*mode) != typeid (EncryptionModeXTS))
mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms)
{
if (!ea->IsModeSupported (mode))
continue;
/*
printf("trying %ls, %ls, %ls\n", pkcs5->GetName().c_str(),
mode->GetName().c_str(),
ea->GetName().c_str()
);
*/
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
mode = mode->GetNew();
mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
}
else
{
ea->SetKey (headerKey.GetRange (LegacyEncryptionModeKeyAreaSize, ea->GetKeySize()));
}
ea->SetMode (mode);
header.CopyFrom (encryptedData.GetRange (EncryptedHeaderDataOffset, EncryptedHeaderDataSize));
ea->Decrypt (header);
if (Deserialize (header, ea, mode))
{
EA = ea;
Pkcs5 = pkcs5;
return true;
}
}
}
}
static int fuse_service_read (const char *path, char *buf, size_t size, off_t offset, struct fuse_file_info *fi)
{
try
{
if (!FuseService::CheckAccessRights())
return -EACCES;
if (strcmp (path, FuseService::GetVolumeImagePath()) == 0)
{
try
{
// Test for read beyond the end of the volume
if ((uint64) offset + size > FuseService::GetVolumeSize())
size = FuseService::GetVolumeSize() - offset;
size_t sectorSize = FuseService::GetVolumeSectorSize();
if (size % sectorSize != 0 || offset % sectorSize != 0)
{
// Support for non-sector-aligned read operations is required by some loop device tools
// which may analyze the volume image before attaching it as a device
uint64 alignedOffset = offset - (offset % sectorSize);
uint64 alignedSize = size + (offset % sectorSize);
if (alignedSize % sectorSize != 0)
alignedSize += sectorSize - (alignedSize % sectorSize);
SecureBuffer alignedBuffer (alignedSize);
FuseService::ReadVolumeSectors (alignedBuffer, alignedOffset);
BufferPtr ((byte *) buf, size).CopyFrom (alignedBuffer.GetRange (offset % sectorSize, size));
}
else
{
FuseService::ReadVolumeSectors (BufferPtr ((byte *) buf, size), offset);
}
}
catch (MissingVolumeData)
{
return 0;
}
return size;
}
if (strcmp (path, FuseService::GetControlPath()) == 0)
{
shared_ptr <Buffer> infoBuf = FuseService::GetVolumeInfo();
BufferPtr outBuf ((byte *)buf, size);
if (offset >= (off_t) infoBuf->Size())
return 0;
if (offset + size > infoBuf->Size())
size = infoBuf->Size () - offset;
outBuf.CopyFrom (infoBuf->GetRange (offset, size));
return size;
}
}
catch (...)
{
return FuseService::ExceptionToErrorCode();
}
return -ENOENT;
}