Fix encryption of metadata chunks.

This commit is contained in:
Moinak Ghosh 2014-11-03 23:22:22 +05:30
parent ffa7f9cff8
commit d63f848a24

View file

@ -81,6 +81,11 @@ compress_and_write(meta_ctx_t *mctx)
uint64_t dstlen; uint64_t dstlen;
int64_t wbytes; int64_t wbytes;
/*
* Increment metadata chunk id. Useful when encrypting (CTR Mode).
*/
mctx->id++;
/* /*
* Plain checksum if not encrypting. * Plain checksum if not encrypting.
* This place will hold HMAC if encrypting. * This place will hold HMAC if encrypting.
@ -129,7 +134,7 @@ compress_and_write(meta_ctx_t *mctx)
} }
if (pctx->encrypt_type) { if (pctx->encrypt_type) {
rv = crypto_buf(&(pctx->crypto_ctx), comp_chunk, comp_chunk, dstlen, 255); rv = crypto_buf(&(pctx->crypto_ctx), comp_chunk, comp_chunk, dstlen, mctx->id);
if (rv == -1) { if (rv == -1) {
pctx->main_cancel = 1; pctx->main_cancel = 1;
pctx->t_errored = 1; pctx->t_errored = 1;
@ -155,7 +160,7 @@ compress_and_write(meta_ctx_t *mctx)
uchar_t *mac_ptr; uchar_t *mac_ptr;
mac_ptr = tobuf + 25; mac_ptr = tobuf + 25;
memset(mac_ptr, 0, CKSUM_MAX + CRC32_SIZE); memset(mac_ptr, 0, pctx->mac_bytes + CRC32_SIZE);
hmac_reinit(&mctx->chunk_hmac); hmac_reinit(&mctx->chunk_hmac);
hmac_update(&mctx->chunk_hmac, tobuf, dstlen + METADATA_HDR_SZ); hmac_update(&mctx->chunk_hmac, tobuf, dstlen + METADATA_HDR_SZ);
hmac_final(&mctx->chunk_hmac, chash, &hlen); hmac_final(&mctx->chunk_hmac, chash, &hlen);
@ -218,6 +223,7 @@ metadata_compress(void *dat)
int ack; int ack;
mctx->running = 1; mctx->running = 1;
mctx->id = -1;
while (Read(mctx->meta_pipes[SINK_CHANNEL], &msgp, sizeof (msgp)) == sizeof (msgp)) { while (Read(mctx->meta_pipes[SINK_CHANNEL], &msgp, sizeof (msgp)) == sizeof (msgp)) {
ack = 0; ack = 0;
if (mctx->frompos + msgp->len > METADATA_CHUNK_SIZE) { if (mctx->frompos + msgp->len > METADATA_CHUNK_SIZE) {
@ -299,7 +305,7 @@ decompress_data(meta_ctx_t *mctx)
deserialize_checksum(checksum, cbuf + 25, pctx->mac_bytes); deserialize_checksum(checksum, cbuf + 25, pctx->mac_bytes);
memset(cbuf + 25, 0, pctx->mac_bytes + CRC32_SIZE); memset(cbuf + 25, 0, pctx->mac_bytes + CRC32_SIZE);
hmac_reinit(&mctx->chunk_hmac); hmac_reinit(&mctx->chunk_hmac);
hmac_update(&mctx->chunk_hmac, cbuf, mctx->frompos); hmac_update(&mctx->chunk_hmac, cbuf, len_cmp + METADATA_HDR_SZ);
hmac_final(&mctx->chunk_hmac, mctx->checksum, &len); hmac_final(&mctx->chunk_hmac, mctx->checksum, &len);
if (memcmp(checksum, mctx->checksum, len) != 0) { if (memcmp(checksum, mctx->checksum, len) != 0) {
log_msg(LOG_ERR, 0, "Metadata chunk %d, HMAC verification failed", log_msg(LOG_ERR, 0, "Metadata chunk %d, HMAC verification failed",