Add support for libfscryptctl.so creation. #37

Open
DineshkumarJP opened this issue Dec 20, 2022 · 4 comments

@DineshkumarJP

Hi,

This user space tool is now active as a command-line tool. The .so file was required by some embedded devices, however, in order to link their programme.

@ebiggers
Collaborator

fscryptctl is pretty bare-bones; it doesn't have much functionality beyond the underlying filesystem ioctls, other than handling input from the command line and stdin, and printing output to stdout and stderr. It's hard to see what would be in a libfscryptctl, exactly. What would you expect to be in it, and why would it be useful over just calling the ioctls yourself?

@DineshkumarJP
Author

If this tool is 'libfscryptctl' compatible, we may access the APIs directly (ex. cmd_add_key) rather than using the command line. No additional system call is required to execute the command line arguments if we are utilising 'libfscryptctl' in any programme. Additionally, to handle the error code in their programme quickly.

@ebiggers
Collaborator

If that's all you need, you could just rename main() to fscryptctl_main() and build a library that exports that one symbol, right? Note that it would still behave exactly like the command-line program, including using command line arguments as well as stdin / stdout / stderr. I do not know what your use case is, but I still think you should consider just using the ioctls directly.

@josephlr
Member

josephlr commented Dec 20, 2022

I agree with @ebiggers, it sounds like you want to call the ioctls directly. The ioctls are better documented than this CLI tool, and if you run into issues or bugs, you will be in a better position to search/ask for help.

For example, most of the code in cmd_add_key is for formatting or reporting output via stdout/stderr; the actual core of the code is just:

  struct fscrypt_add_key_arg *arg = calloc(sizeof(*arg) + FSCRYPT_MAX_KEY_SIZE, 1);
  
  // Read key data in
  memcpy(arg->raw, key_in, FSCRYPT_MAX_KEY_SIZE);
  arg->raw_size = FSCRYPT_MAX_KEY_SIZE;
  arg->key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
  
  // Should do error checking here
  ioctl(fd, FS_IOC_ADD_ENCRYPTION_KEY, arg);
  
  // Read the identifier from the arg struct
  memcpy(id_out, arg->key_spec.u.identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);
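The same ioctl call as a complete function, with the error checking the snippet above leaves out and a wipe of the heap copy of the key. This is an added example, not part of the thread or of fscryptctl: the helper name `add_fscrypt_key` and its signature are assumptions, and it needs kernel UAPI headers that provide `<linux/fscrypt.h>`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <linux/fscrypt.h>   /* kernel UAPI header, assumed to be installed */

/* Hypothetical helper: name and signature are illustrative, not fscryptctl's.
 * fd is an open descriptor on any file or directory of the target filesystem.
 * Returns 0 and fills id_out on success, or a negative errno value. */
int add_fscrypt_key(int fd, const uint8_t *key, size_t key_len,
                    uint8_t id_out[FSCRYPT_KEY_IDENTIFIER_SIZE])
{
    /* Reject sizes the argument struct cannot carry before touching the fd. */
    if (key == NULL || key_len == 0 || key_len > FSCRYPT_MAX_KEY_SIZE)
        return -EINVAL;

    size_t arg_len = sizeof(struct fscrypt_add_key_arg) + key_len;
    struct fscrypt_add_key_arg *arg = calloc(1, arg_len);
    if (arg == NULL)
        return -ENOMEM;

    /* With an identifier key spec, the kernel computes the identifier
     * from the key and writes it back into the struct. */
    arg->key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
    arg->raw_size = (uint32_t)key_len;
    memcpy(arg->raw, key, key_len);

    int ret = 0;
    if (ioctl(fd, FS_IOC_ADD_ENCRYPTION_KEY, arg) != 0)
        ret = -errno;   /* save errno before any other call can change it */
    else
        memcpy(id_out, arg->key_spec.u.identifier,
               FSCRYPT_KEY_IDENTIFIER_SIZE);

    /* Wipe the heap copy of the key; volatile stores are not optimised out. */
    volatile uint8_t *p = (volatile uint8_t *)arg;
    for (size_t i = 0; i < arg_len; i++)
        p[i] = 0;
    free(arg);
    return ret;
}
```

The caller can branch on the returned errno value directly, which is the error handling the command-line tool only reports as text on stderr.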
