1b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o/* 2b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * Basic progam to add ext4 encryption to a file system 3b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * 4b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * Copyright 2015, Google, Inc. 5b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * 6b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * %Begin-Header% 7b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * This file may be redistributed under the terms of the GNU Public 8b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * License. 9b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o * %End-Header% 10b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o */ 11b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 12b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <stdio.h> 13b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <string.h> 14b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <unistd.h> 15b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <stdlib.h> 16b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <time.h> 17b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <sys/types.h> 18b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <sys/time.h> 19b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 20b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <ext2fs/ext2_fs.h> 21b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o#include <ext2fs/ext2fs.h> 22b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 23b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'oint main (int argc, char *argv[]) 24b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o{ 25b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o errcode_t retval = 0; 26b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o ext2_filsys fs; 27b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 28b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o setbuf(stdout, NULL); 29b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o setbuf(stderr, NULL); 30b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o initialize_ext2_error_table(); 31b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 32b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o if (argc != 2) { 33b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o fprintf(stderr, "%s: Usage <device|filesystem>\n", argv[0]); 34b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o exit(1); 35b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o } 36b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 37b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o retval = ext2fs_open(argv[1], EXT2_FLAG_RW, 0, 0, 38b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o unix_io_manager, &fs); 39b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 40b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o if (retval) { 41b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o com_err(argv[0], retval, "while trying to open '%s'", 42b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o argv[1]); 43b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o exit(1); 44b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o } 454ee26699823c945b1894880f53cea3b45b5e3a20Darrick J. Wong if (!ext2fs_has_feature_encrypt(fs->super)) { 464ee26699823c945b1894880f53cea3b45b5e3a20Darrick J. Wong ext2fs_set_feature_encrypt(fs->super); 47b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o fs->super->s_encrypt_algos[0] = 48b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o EXT4_ENCRYPTION_MODE_AES_256_XTS; 49b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o fs->super->s_encrypt_algos[1] = 50b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o EXT4_ENCRYPTION_MODE_AES_256_CTS; 51b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o ext2fs_mark_super_dirty(fs); 52b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o printf("Ext4 encryption enabled on %s\n", argv[1]); 53b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o } else 54b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o printf("Ext4 encryption already enabled on %s\n", argv[1]); 55b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 56b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o retval = ext2fs_close(fs); 57b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o if (retval) { 58b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o com_err(argv[0], retval, "while trying to close '%s'", 59b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o argv[1]); 60b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o exit(1); 61b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o } 62b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o return (0); 63b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o} 64b97bccecfe97270eb15f77d1580f16eb1125fc1cTheodore Ts'o 65