file system encryption

newguy

Nov 23, 2009, 12:53:41 PM
to minix3
Hi,

I am trying to implement encryption for the filesystem.
I want to implement a system call in the FS server that appends data
(a key) to a key file (common to all users).
I don't want the user process to gain access to the file; however, I want
to allow him to write a key value onto
the key file, so I have decided to put it into a system call in the FS server.

I have written a handler in FS/protect.c
wherein I open, lseek to end of file, write, then close the file.

However, the write call is not functioning as expected:
it simply appends as many 0's to the end of the file as the number of
characters I wanted to write.
Here is the code.

I am changing the input message and calling other handlers.
In the code below I want to append "aa" to the /keys file,
but it appended 3 nuls instead.
Handler's code in FS:
{
char *p="/keys";
char *q="aa";

m_in.m3_i1=6; /*length of "/keys" string*/
m_in.m3_p1=p; /*file to open */
m_in.m3_i2=1; /*write only mode*/
fld=do_open();

m_in.m2_i1=fld; /*descriptor returned by do_open()*/
m_in.m3_l1=0; /*offset in lseek */
m_in.m2_i2=2; /*end of file */
fd=do_lseek();

m_in.m1_i1=fld; /*file to be written*/
m_in.m1_l2=5; /*length of "/keys" string*/
m_in.m1_p1=q; /*content to write*/
do_write();

m_in.m1_i1=fld; /*file to close*/
do_close();

}

Erik van der Kouwe

Nov 23, 2009, 3:25:44 PM
to minix3
Hi,

> I am trying to implement encryption for the filesystem.
> I want to implement a system call in the FS server that appends data
> (a key) to a key file (common to all users).
> I don't want the user process to gain access to the file; however, I want
> to allow him to write a key value onto
> the key file, so I have decided to put it into a system call in the FS server.

If you store the keys in plaintext, encryption is pretty pointless. One
can still decrypt the contents of the disk without the password by
booting another OS, like Linux or even the MINIX installation CD. It
doesn't matter from the OS itself either, as the root user can read the
file through /dev/c0d#p#s# while non-root users can be prevented from
reading the file simply by setting Unix permissions correctly. Relying
on a hidden file is a bad design.

> I have written a handler in FS/protect.c
> wherein I open, lseek to end of file, write, then close the file.
>
> However, the write call is not functioning as expected:
> it simply appends as many 0's to the end of the file as the number of
> characters I wanted to write.
> Here is the code.
>
> I am changing the input message and calling other handlers.
> In the code below I want to append "aa" to the /keys file,
> but it appended 3 nuls instead.

These calls are meant to be called by other processes, not from within
FS. Don't expect them to be reliable. Instead, add a separate server
to do the encryption. If you have a MINIX with VFS (>= 3.1.3) you
could for example try to insert such a server between VFS and MFS.
This way you can rely on the MFS calls, which I think is enough for
your purposes. I have no experience with VFS, but documentation is
found on the Wiki
(http://wiki.minix3.org/en/DevelopersGuide/VfsFsProtocol).

With kind regards,
Erik

newguy

Nov 23, 2009, 3:53:33 PM
to minix3
Thanks Erik

2 more questions.
About storing the key file:
I was thinking of encrypting it with a different key, and since I don't
even want root to know about it and since this key
must be inaccessible even for root, I thought it could be kept in
the code (hardcoded). Doesn't it solve the problem?

What could be the problem if, say, I make a call from a system call
handler directly to another handler (without using a syscall or library
routine)?
How are they different from a function call?

thanks

Erik van der Kouwe

Nov 24, 2009, 2:50:00 AM
to minix3
Hi,

> 2 more questions.
> About storing the key file:
> I was thinking of encrypting it with a different key, and since I don't
> even want root to know about it and since this key
> must be inaccessible even for root, I thought it could be kept in
> the code (hardcoded). Doesn't it solve the problem?

That doesn't help since one could look at the code (or, if needed,
disassemble the binary). You could use a key based on a password since
that shouldn't be stored on your HD. However, the user would then need
to provide that password before he/she could access the files.

> What could be the problem if, say, I make a call from a system call
> handler directly to another handler (without using a syscall or library
> routine)?
> How are they different from a function call?

The code is not intended for doing this, so you may run into
unforeseen problems.

With kind regards,
Erik
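
The password-based key suggested in the last reply, sketched as an added example (not code from the thread or from MINIX): only a salt, an iteration count and a check tag are written to disk, and the volume key is re-derived from the password at unlock time. The header layout, the `KHDR` tag, the function names and the iteration counts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"KHDR"              # hypothetical header tag
MAX_ITERATIONS = 5_000_000   # refuse absurd counts from a tampered header
HEADER_LEN = 4 + 4 + 16 + 32  # magic, iteration count, salt, check tag


def _derive(password, salt, iterations):
    """Stretch the password, then split it into a volume key and a check key."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    volume_key = hmac.new(master, b"volume-key", hashlib.sha256).digest()
    check_key = hmac.new(master, b"header-check", hashlib.sha256).digest()
    return volume_key, check_key


def create_header(password, iterations=200_000):
    """Return (header to store on disk, volume key to keep only in memory)."""
    salt = os.urandom(16)
    volume_key, check_key = _derive(password, salt, iterations)
    body = MAGIC + struct.pack(">I", iterations) + salt
    tag = hmac.new(check_key, body, hashlib.sha256).digest()
    return body + tag, volume_key


def unlock(header, password):
    """Re-derive the volume key; return None if the password is wrong."""
    if len(header) != HEADER_LEN or header[:4] != MAGIC:
        raise ValueError("not a key header")
    (iterations,) = struct.unpack(">I", header[4:8])
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    body, tag = header[:24], header[24:]
    volume_key, check_key = _derive(password, body[8:24], iterations)
    expected = hmac.new(check_key, body, hashlib.sha256).digest()
    return volume_key if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed sample passphrase, for demonstration only.
    header, key = create_header("constructed sample passphrase")
    assert unlock(header, "constructed sample passphrase") == key
    assert unlock(header, "wrong guess") is None
    print("header bytes on disk:", header.hex())
```

Someone who boots another OS and reads the header still has to guess the password, paying the full iteration cost per guess, so the protection is only as strong as the password itself.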