Transparently integrate reading of encrypted files into library

This adds crypto.[ch], several exported functions that you are not interested
to use and dependency on >=libconfig-1.0.1 to read list of PFX files with keys.
See libntfs/config for example configuration file.

configure.ac

@@ -115,8 +115,8 @@ AC_ARG_ENABLE(ntfsmount,
 
 AC_ARG_ENABLE(crypto,
 	AS_HELP_STRING(--enable-crypto,enable crypto related code and utilities
-		       (default=no)), ,
-	enable_crypto=no
+		       (default=detect)), ,
+	enable_crypto=auto
 )
 
 AC_ARG_ENABLE(really-static,
@@ -137,7 +137,7 @@ AC_ARG_ENABLE(test,
 )
 AM_CONDITIONAL(ENABLE_TEST, test "$enable_test" = yes)
 if test "$enable_test" = "yes"; then
-	CFLAGS="$CFLAGS -DNTFS_TEST"
+	CFLAGS="${CFLAGS} -DNTFS_TEST"
 fi
 
 AH_TEMPLATE([NTFS_DISABLE_DEBUG_LOGGING],
@@ -212,7 +212,7 @@ AM_CONDITIONAL(ENABLE_FUSE, $compile_ntfsmount)
 compile_crypto=false
 if test "$enable_crypto" != "no"; then
 	have_libgcrypt=false
-	AM_PATH_LIBGCRYPT(1.2.0, [ have_libgcrypt=true ],
+	AM_PATH_LIBGCRYPT(1.2.2, [ have_libgcrypt=true ],
 	[
 		if test "$enable_crypto" = "yes"; then
 			AC_MSG_ERROR([Linux-NTFS crypto code requires the gcrypt library.])
@@ -221,17 +221,29 @@ if test "$enable_crypto" != "no"; then
 		fi
 	])
 	have_libgnutls=false
-	AM_PATH_LIBGNUTLS(1.2.8, [ have_libgnutls=true ],
-	[
+	PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.4, [ have_libgnutls=true ],
 		if test "$enable_crypto" = "yes"; then
 			AC_MSG_ERROR([Linux-NTFS crypto code requires the gnutls library.])
 		else
 			AC_MSG_WARN([Linux-NTFS crypto code requires the gnutls library.])
 		fi
-	])
+	)
+	have_libconfig=false
+	PKG_CHECK_MODULES(libconfig, libconfig >= 1.0.1, [ have_libconfig=true ],
+		if test "$enable_crypto" = "yes"; then
+			AC_MSG_ERROR([Linux-NTFS crypto code requires the libconfig.])
+		else
+			AC_MSG_WARN([Linux-NTFS crypto code requires the libconfig.])
+		fi
+	)
 	if test "$have_libgcrypt" = "true"; then
 		if test "$have_libgnutls" = "true"; then
-			compile_crypto=true
+			if test "$have_libconfig" = "true"; then
+				compile_crypto=true
+				AC_DEFINE([ENABLE_CRYPTO], 1,
+				[Define this to 1 if you want to enable support of
+				 encrypted files in libntfs and utilities.])
+			fi
 		fi
 	fi
 fi
@@ -345,7 +357,7 @@ AC_CHECK_HEADERS([ctype.h fcntl.h libgen.h libintl.h limits.h locale.h \
 	endian.h byteswap.h sys/byteorder.h sys/endian.h sys/param.h \
 	sys/ioctl.h sys/mount.h sys/stat.h sys/types.h sys/vfs.h \
 	sys/statvfs.h sys/sysmacros.h linux/major.h linux/fd.h linux/hdreg.h \
-	machine/endian.h gcrypt.h windows.h gnutls/pkcs12.h syslog.h])
+	machine/endian.h windows.h syslog.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_HEADER_STDBOOL

include/ntfs/Makefile.am

@@ -8,6 +8,7 @@ linux_ntfsinclude_HEADERS = \
 	collate.h		\
 	compat.h		\
 	compress.h		\
+	crypto.h		\
 	debug.h			\
 	device.h		\
 	device_io.h		\

include/ntfs/attrib.h

@@ -34,6 +34,7 @@ typedef struct _ntfs_attr_search_ctx ntfs_attr_search_ctx;
 #include "volume.h"
 #include "debug.h"
 #include "logging.h"
+#include "crypto.h"
 
 extern ntfschar AT_UNNAMED[];
 
@@ -140,6 +141,7 @@ static __inline__ int ntfs_attrs_walk(ntfs_attr_search_ctx *ctx)
  * @compression_block_size:		size of a compression block (cb)
  * @compression_block_size_bits:	log2 of the size of a cb
  * @compression_block_clusters:		number of clusters per cb
+ * @crypto:		(valid only for encrypted) see description below
  *
  * This structure exists purely to provide a mechanism of caching the runlist
  * of an attribute. If you want to operate on a particular attribute extent,
@@ -166,6 +168,17 @@ static __inline__ int ntfs_attrs_walk(ntfs_attr_search_ctx *ctx)
  *
  * @state contains NTFS attribute specific flags describing this attribute
  * structure. See ntfs_attr_state_bits above.
+ *
+ * @crypto points to private structure of crypto code. You should not access
+ * fields of this structure, but you can check whether it is NULL or not. If it
+ * is not NULL, then we successfully obtained FEK (File Encryption Key) and
+ * ntfs_attr_p{read,write} calls probably would succeed. If it is NULL, then we
+ * failed to obtain FEK (do not have corresponding PFX file, wrong password,
+ * etc..) or library was compiled without crypto support. Attribute size can be
+ * changed without knowledge of FEK, so you can use ntfs_attr_truncate in any
+ * case.
+ * NOTE: This field valid only if attribute encrypted (eg., NAttrEncrypted
+ * returns non-zero).
  */
 struct _ntfs_attr {
 	runlist_element *rl;
@@ -181,10 +194,12 @@ struct _ntfs_attr {
 	u32 compression_block_size;
 	u8 compression_block_size_bits;
 	u8 compression_block_clusters;
+	ntfs_crypto_attr *crypto;
 };
 
 /**
- * enum ntfs_attr_state_bits - bits for the state field in the ntfs_attr structure
+ * enum ntfs_attr_state_bits - bits for the state field in the ntfs_attr
+ * structure
  */
 typedef enum {
 	NA_Initialized,		/* 1: structure is initialized. */

include/ntfs/crypto.h

@@ -0,0 +1,44 @@
+/**
+ * crypto.h - Exports for dealing with encrypted files.  Part of the
+ *            Linux-NTFS project.
+ *
+ * Copyright (c) 2007 Yura Pakhuchiy
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (in the main directory of the Linux-NTFS
+ * distribution in the file COPYING); if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef _NTFS_CRYPTO_H
+#define _NTFS_CRYPTO_H
+
+/*
+ * This is our Big Secret (TM) structure, so do not allow anyone even read it
+ * values. ;-) In fact, it is private because exist only in libntfs version
+ * compiled with cryptography support, so users can not depend on it.
+ */
+typedef struct _ntfs_crypto_attr ntfs_crypto_attr;
+
+/*
+ * These functions should not be used directly. They are called for encrypted
+ * attributes from corresponding functions without _crypto_ part.
+ */
+
+extern int ntfs_crypto_attr_open(ntfs_attr *na);
+extern void ntfs_crypto_attr_close(ntfs_attr *na);
+
+extern s64 ntfs_crypto_attr_pread(ntfs_attr *na, const s64 pos, s64 count,
+		void *b);
+
+#endif /* _NTFS_CRYPTO_H */

libntfs/Makefile.am

@@ -32,9 +32,16 @@ LTVERSION_LIBNTFS_GNOMEVFS = 1:0:0
 linux_ntfsincludedir = -I$(top_srcdir)/include/ntfs
 
 lib_LTLIBRARIES = libntfs.la
+
 libntfs_la_LDFLAGS = -version-info $(LTVERSION_LIBNTFS) -no-undefined
 libntfs_la_CFLAGS = $(LIBNTFS_CFLAGS) \
 	-DLTVERSION_LIBNTFS=\"$(LTVERSION_LIBNTFS)\"
+
+if ENABLE_CRYPTO
+libntfs_la_LDFLAGS += `libgnutls-config --libs` `pkg-config --libs libconfig`
+libntfs_la_CFLAGS += `libgnutls-config --cflags` `pkg-config --cflags libconfig`
+endif
+
 libntfs_la_SOURCES =	\
 	attrib.c	\
 	attrlist.c	\
@@ -43,6 +50,7 @@ libntfs_la_SOURCES =	\
 	collate.c	\
 	compat.c	\
 	compress.c	\
+	crypto.c	\
 	debug.c		\
 	device.c	\
 	device_io.c	\

libntfs/attrib.c

@@ -57,6 +57,7 @@
 #include "bitmap.h"
 #include "logging.h"
 #include "support.h"
+#include "crypto.h"
 
 ntfschar AT_UNNAMED[] = { const_cpu_to_le16('\0') };
 
@@ -426,6 +427,8 @@ ntfs_attr *ntfs_attr_open(ntfs_inode *ni, const ATTR_TYPES type,
 				(l + 7) & ~7, l, l, cs ? (l + 7) & ~7 : 0, 0);
 	}
 	ntfs_attr_put_search_ctx(ctx);
+	if (NAttrEncrypted(na))
+		ntfs_crypto_attr_open(na);
 	return na;
 put_err_out:
 	ntfs_attr_put_search_ctx(ctx);
@@ -446,6 +449,8 @@ void ntfs_attr_close(ntfs_attr *na)
 {
 	if (!na)
 		return;
+	if (NAttrEncrypted(na))
+		ntfs_crypto_attr_close(na);
 	if (NAttrNonResident(na) && na->rl)
 		free(na->rl);
 	/* Don't release if using an internal constant. */
@@ -855,10 +860,9 @@ s64 ntfs_attr_pread(ntfs_attr *na, const s64 pos, s64 count, void *b)
 	 * Encrypted non-resident attributes are not supported.  We return
 	 * access denied, which is what Windows NT4 does, too.
 	 */
-	if (NAttrEncrypted(na) && NAttrNonResident(na)) {
-		errno = EACCES;
-		return -1;
-	}
+	if (NAttrEncrypted(na) && NAttrNonResident(na))
+		return ntfs_crypto_attr_pread(na, pos, count, b);
+
 	vol = na->ni->vol;
 	/* Update access time if needed. */
 	if (na->type == AT_DATA || na->type == AT_INDEX_ROOT ||

libntfs/config

@@ -0,0 +1,10 @@
+# libntfs sample configuration file
+
+crypto : {
+	keys = (
+		("/home/yura/ntfs/my3.pfx",	"my3"),	# key with password
+#		("/home/yura/ntfs/my-rec.pfx",	""),	// password-less key
+		("/home/yura/ntfs/my.pfx")	/* password-less key */
+	);
+};
+

ntfsprogs/Makefile.am

@@ -125,7 +125,8 @@ ntfsdump_logfile_LDFLAGS= $(AM_LFLAGS)
 if ENABLE_CRYPTO
 ntfsdecrypt_SOURCES	= ntfsdecrypt.c utils.c utils.h
 ntfsdecrypt_LDADD	= $(AM_LIBS)
-ntfsdecrypt_LDFLAGS	= $(AM_LFLAGS) -lgcrypt -lgnutls
+ntfsdecrypt_LDFLAGS	= $(AM_LFLAGS) `libgnutls-config --libs`
+ntfsdecrypt_CFLAGS	= `libgnutls-config --cflags`
 endif
 
 # Extra targets

ntfsprogs/ntfsdecrypt.c

@@ -25,10 +25,6 @@
 
 #include "config.h"
 
-#if !defined(HAVE_GCRYPT_H) || !defined(HAVE_GNUTLS_PKCS12_H)
-#error A required header file is missing. Aborting.
-#endif
-
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -56,12 +52,8 @@
 #ifdef HAVE_ERRNO_H
 #include <errno.h>
 #endif
-#ifdef HAVE_GCRYPT_H
 #include <gcrypt.h>
-#endif
-#ifdef HAVE_GNUTLS_PKCS12_H
 #include <gnutls/pkcs12.h>
-#endif
 
 #include "types.h"
 #include "attrib.h"

ntfsprogs/ntfsmount.c

@@ -620,7 +620,7 @@ static int ntfs_fuse_open(const char *org_path,
 	if (ni) {
 		na = ntfs_attr_open(ni, AT_DATA, stream_name, stream_name_len);
 		if (na) {
-			if (NAttrEncrypted(na))
+			if (NAttrEncrypted(na) && !na->crypto)
 				res = -EACCES;
 			ntfs_attr_close(na);
 		} else